The Society for Worldwide Interbank Financial Telecommunication, or SWIFT, a global messaging service relied on by banks for international money transfers, has hired two large cybersecurity vendors and launched threat intelligence sharing and forensic analysis services for its customers, it announced Monday.
“Customer intelligence, including intelligence related to attacks that have ultimately failed, is crucial,’ said Chief Technology Officer Craig Young, in a release announcing SWIFT had hired BAE Systems and Fox-IT.
Delft, Netherlands-based Fox-IT says it is Europe’s largest specialized cybersecurity company. BAE systems is a U.K.-based global defense contractor with a large cyber operation.
SWIFT said the contractors will complement its in-house cyber expertise and work closely with its newly formed Customer Security Intelligence unit ‘to support SWIFT’s customer information sharing initiative and to help strengthen cybersecurity across the global SWIFT community.’
According to the release, the new unit will conduct ‘forensic investigations on customer premises’ where there has been an attack on the SWIFT system, the release said. These investigations ‘will complement the internal investigations being carried out by affected customers. SWIFT is also feeding related intelligence — in anonymized form — back to the wider SWIFT community in order to help prevent future frauds in customer environments.’
‘Information we have already received from impacted banks has allowed us to identify new malware and to publish related [indicators of compromise] which are helping to protect’ other customers, said Young, adding that timely information was vital to make sharing more useful.
‘We therefore continue to remind customers that they are obliged to inform SWIFT of such incidents as soon as possible, and to proactively share all relevant information with us so we can assist all SWIFT users.”
In February, cyber thieves hacked into the Bangladesh central bank’s connection to the SWIFT network, which is where banks exchange messages authorizing international payments.
The hackers sent a series of payment instructions to the Federal Reserve Bank of New York, transferring $951 million from Bank Bangladesh’s account to financial institutions in the Philippines. Most of the transactions were blocked but $81 million went through and has never been recovered.