Prior to yesterday's news that North Korea was suspected of involvement in attacks on the international financial network Swift, Swift had launched a plan to work with banks to tighten up its system's security.
Following several thefts using flaws in systems that connect with the network, Swift outlined how it would bolster security. However, it did stress that its own network, software and core messaging services have not been compromised.
“This customer security programme will clearly define an operational and security baseline that customers must meet to protect the processing and handling of their SWIFT transactions. SWIFT will also continue to enhance its own products and services to provide customers with additional protection and detection mechanisms, and in turn help customers to meet these baselines,” the organisation said in a statement.
It will focus on a number of initiatives. First, it will strengthen security requirements for customer-managed software to better protect local environments.
Second, it will enhance security and operational baselines, and develop related audit standards and certification processes for the secure management of SWIFT messages at customer sites.
There will also be more sharing of best practices for fraud detection at the receiving bank. It said it will “explore the feasibility of tools that would detect anomalies on our own network, for example as an ‘opt-in’ service to our customers”.
Last, it will enhance support by third party providers and foster a secure ecosystem through partner programmes, organisation of industry events, certification programmes and other measures.
Swift CEO Gottfried Leibbrandt said that while each individual Swift customer is responsible for the security of its own environment, “the security of global banking can only be ensured collectively”.
“It requires a collaborative approach between Swift, its customers, overseers, and third party suppliers. Swift is fully committed to leading the community effort required to keep global banking safe and deploying its knowledge and expertise to help customers in the fight against cyber-attacks,” he said.
So far at least four banks have been hit by such attacks. Symantec said in a blog post that cyber-criminal gang Lazarus was linked to an attack on a bank in the Philippines.
It has identified three pieces of malware which were being used in limited targeted attacks against the financial industry in South-East Asia: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee.
“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region. While awareness of the threat posed by the group has now been raised, its initial success may prompt other attack groups to launch similar attacks. Banks and other financial institutions should remain vigilant,” said the firm in a blog post prior to yesterday's disclosures.
Justin Harvey, CSO at Fidelis Cybersecurity, told SCMagazineUK.com that by regularly monitoring access to systems with sensitive data, monitoring for data exfiltration and properly classifying sensitive data, the risk of a robbery can be reduced.
“Organisations shouldn't assume attackers will only come in from the outside, however, and they must move from a prevention to a detection model. Outsourced providers need to be monitored and human auditing, where possible, is also important for high value transactions,” he said.