SWIFT, the messaging network used by financial institutions to complete transactions, announced on Tuesday it has discovered new cyber-theft attempts against its member banks.
According to a report by Reuters, the company sent out a private letter to global clients, warning that new cyber-heists have occurred since June this year.
“Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions,” read a copy of the letter, which was obtained by Reuters.
“The threat is persistent, adaptive and sophisticated – and it is here to stay,” warned the Society for Worldwide Interbank Financial Telecommunication (SWIFT).
Due to its privacy agreements, the Brussels-based firm did not disclose the name of the affected banks or the amounts stolen. However, SWIFT noted the banks varied in size and location, and used different methods for accessing the financial messaging system.
According to the letter, all victims had weaknesses in their local security that attackers exploited to compromise the local networks and send fraudulent messages requesting money transfers.
The announcement comes just months after the first major heist in which the Central Bank of Bangladesh lost $81 million to cyber thieves who successfully hacked into SWIFT’s client software.
Subsequently, several other attacks surfaced, including the theft of $12 million from Ecuador’s Banco del Austro and $10 million from an unnamed Ukrainian bank.
Other reported attempts were unsuccessful, such as the case with the Vietnamese Tien Phong Bank after it spotted a fraudulent transfer of 1.2 million euros bound to a Slovenian bank.
Following the spate of attacks, SWIFT has been pushing banks to adopt enhanced security measures, including stronger systems for authenticating users and updates to its software for sending and receiving messages, said Reuters.
Furthermore, SWIFT announced it plans to suspend banks with poor security practices. In the letter, the firm notified banks they must install the latest version of its software by November 19, or they could be reported to regulators and banking partners.
The added security features in its new software include technology for verifying credentials of people accessing a bank’s SWIFT system; stronger password management rules; and better tools for identifying attempts to hack the software.
SWIFT claims its messaging services are used by more than 11,000 financial institutions in more than 200 countries and territories around the world.