SWIFT asks local banks to amp up cyber security

SWIFT, which provides the network through which banks make international transfers, has warned its user banks in Bangladesh on the potential cyber threats as a result of the weak IT infrastructure in the country.

Subsequently, it has asked the banks to take preventive and detective security measures to safeguard their systems from hackers.

The development comes after a band of hackers broke into Bangladesh Bank's SWIFT server in February to make off with $101 million of its reserve money deposited with the Federal Reserve Bank of New York.

SWIFT, in its security guidance to Bangladeshi banks last month, believes the hackers have exploited the weaknesses in Bangladesh's IT infrastructure to pull off the heist.

“From what we understand of the threats in question, these seem to aim to exploit weaknesses in the setup of the local operating environment, using these to take control of the environment and enabling the attackers to impersonate genuine operators and successfully transmit fraudulent transactions.”

“We reiterate that the SWIFT network itself was not breached and that our messaging systems were not compromised.”

In addition to the existing security recommendations, SWIFT encouraged its users to make sure they have implemented and maintained the physical and logical security set-up of the banks' local environment and systems.

It also asked the banks to deploy and activate the appropriate security features in the banks' interfaces to the SWIFT network and other local applications.

In line with cyber best practices, particular attention should be given to detection capabilities including looking at abnormal events, such as failed logins, as these may be early indicators of malicious activities, SWIFT said.

Asked about the security guidance, Anis A Khan, chairperson of SWIFT's user and member group in Bangladesh, said: “We are doing it.”