June 6, 2016 By Douglas Bonderud 2 min read

Another day, another SWIFT attack. That’s the word from SecurityWeek, which detailed a string of fraudulent transactions between Wells Fargo and Ecuador’s Banco del Austro (BDA). Now, BDA is suing Wells Fargo while SWIFT is looking for speedy ways to safeguard its money moving service. Both the initial response and ultimate responsibility are under scrutiny as companies hope to fast-track worry-free transfers.

Third Time’s the Charm?

This is the third big SWIFT breach reported. The Vietnamese Tien Phone Bank suffered losses in 2015, and the Bangladesh Central Bank (BCB) lost $81 million in February 2016.

BDA’s attack goes further back: On Jan. 12, 2015, at least 12 fraudulent transfer requests were made to Wells Fargo, supposedly from BDA, asking the company to move $12 million to accounts in Hong Kong, Dubai and the U.S. SWIFT wasn’t in the loop until a Reuters investigation turned up court documents of the BDA/Wells Fargo lawsuit.

Unlike BCB, which blamed its losses on SWIFT, BDA is suing Wells Fargo directly. For its part, Wells Fargo said it “properly processed the wire instructions received via authenticated SWIFT messages” and therefore isn’t responsible, SecurityWeek stated.

SWIFT, meanwhile, makes the point that it can’t help anyone if companies don’t report these frauds directly. According to ITProPortal, SWIFT is adamant that the network has not been compromised.

Walk of Blame

So who’s responsible for the BDA SWIFT attack? What about Bangladesh, Vietnam or others that haven’t been reported? SC Magazine noted that there’s some evidence pointing to North Korea: It’s likely that the country’s Lazarus Group is responsible for the BCB attack and possibly other high-value SWIFT breaches. According to CNN, a federal probe has been launched to determine the extent of North Korean involvement.

Of course, pinning down attackers doesn’t patch security holes. SWIFT argued that banks need to beef up network defenses, watch more carefully for fraudulent activity and always report any SWIFT-related issues. Banks, meanwhile, are calling on SWIFT to do a better job of protecting the system from malicious access, which would in turn negate the need for increased bank oversight of the process.

Learning From the SWIFT Attack

Bottom line? It’s a chicken-and-egg scenario, but being right doesn’t really matter if millions are rapidly disappearing. As noted by Bloomberg, SWIFT is taking action to solve the problem at its end. But while CEO Gottfried Leibbrandt said it’s aiming for some “quick wins” in the near future, “the full rollout, the full shore-up, will be a matter of years.”

SWIFT is trying, but it won’t happen overnight. Response and responsibility rest with banks — at least in the near term. For BDA, suing Wells Fargo might provide some temporary relief, but with new and historic SWIFT attacks emerging, time and effort may be better spent hunting down fraudulent transactions and providing SWIFT the data it needs to slow attacker progress.

More from

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today