An unknown attacker gained access to the Bangladesh Bank’s SWIFT payment system and reportedly instructed an American bank to transfer money from BB’s account to accounts in the Philippines. The attackers attempted to steal $951m, of which $81m is still unaccounted for.
Because it imprudently relies on the assumption of an impenetrable perimeter for security, the SWIFT network is wide open to attackers who gain access to the local instance of SWIFT Alliance Access software.
The malware-supported attack is performed by modifying the SWIFT application at runtime – which indicates that no runtime application self-protection is currently integrated into the SWIFT software.
Moreover, SWIFT seems to stick to the traditional thinking that local perimeter security is enough when they say: “The key defence against such attack scenarios remains for users to implement appropriate security measures in their local environments to safeguard their systems – in particular those used to access SWIFT – against such potential security threats.”
I fully understand SWIFT’s reluctance to take any responsibility for the banks’ internal security, but I have to remind SWIFT and everyone connected to their network that already in October 2014 Gartner stated that “every app needs to be self-aware and self-protecting”. Maybe it’s time to rethink how to protect SWIFT nodes?