"The threat is persistent, adaptive and sophisticated – and it is here to stay. We continue to see cases in which our customers’ environments have been compromised and subsequent attempts made to send fraudulent payment instructions."SWIFT is keen to emphasise that it does not believe its own systems have suffered a breach, but that the problem stems from lax security at some of the 11,000 banks to which it provides services. In SWIFT's view, the attacks were ably assisted by lax computer security practices in some banks, which could have opened opportunities for hackers to scour hacked networks in their hunt for SWIFT transfer credentials. Therefore, says Desauso, bank's defences can be hardened by engaging with SWIFT's Customer Security Programme (CSP):
"The threat requires industry-wide co-operation and a long-term response in the form of our CSP. We are making tangible progress. Fortunately a good number of recent attacks have been thwarted or prevented either because our customers have stopped suspicious instructions or because the attacks have been identified and the frauds ultimately prevented as a direct result of measures introduced through the CSP."To provide further assistance, SWIFT plans to release a new tool in December called "Daily Validation Reports" that will provide banks and other clients with a daily summary of messages, highlighting unusual patterns of behaviour. Even with the tool in place, SWIFT's Desauso firmly put the ball in banks' courts to improve their security:
"Measures like our recently announced Daily Validation Reports, which help our customers preserve the integrity of their environments, show that the programme is making progress. We will continue to support our community, but, as the threat persists, the role of our customers remains absolutely critical: any customer that fails to address the logical and physical security of its environment is at risk."With such huge amounts of money at stake, it's clearly important for security to be improved and for more to be done to prevent the fraudulent movement of funds by hackers. After all, it's not just the sheer amount of stolen cash that we should be worried about, but who might be ultimately benefiting from the millions of dollars that have been stolen so far - and what they plan to do with it. Further reading: 5 Actionable Steps We Can Learn from the SWIFT Banking Attacks Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.