Evidence is mounting that the ecosystem surrounding SWIFT transfers is vulnerable to fraud. While it uses a private network, SWIFT is still a messaging system and therefore an avenue for cybercriminals to launch a wide range of electronic attacks. With the launch of SWIFT web access, end customers become more attractive targets, which may lead to more attacks as criminals start phishing campaigns to compromise SWIFT credentials.
Could the Attacks on the SWIFT Network Have Been Prevented?
1. How to Prevent SWIFT Network Attacks
Paul Wilson
Product Manager
2. AGENDA
• Recent attacks on the SWIFT network
• What are the SWIFT network's vulnerabilities?
• Could the attacks on the SWIFT network have been prevented?
• How to quickly detect and stop fraudulent financial activity
4. Highly Unusual Malware Used – mscoutc.exe
• Used a vulnerability in a common PDF reader as the attack vector
• Deleted configuration and log files
• Used wipe-out techniques to prevent files from being recovered forensically
• File-delete function
• Manipulated printers to prevent SWIFT network confirmation messages from being received
• Techniques identical to those used in the Sony hack
8. SWIFT recently launched a web access portal
• SWIFT has noted that the network itself wasn't compromised
• "…the attackers have exploited vulnerabilities in banks funds' transfer initiation environments, prior to messages being sent over SWIFT."
9. What SWIFT Says
"Please remember that as a SWIFT user you are responsible for the security of your own systems interfacing with the SWIFT network and your related environment – starting with basic password protection practices – in much the same way as you are responsible for your other security considerations."
10. Insiders are also a threat
• Malware was designed just for the bank attacked in Bangladesh, defeating systems and checks
• The SWIFT attacks have been so sophisticated and complex that it is surmised that an employee must have collaborated with the cybercriminals.
14. Malware Detection and Mitigation beyond Blacklists
• Threats are moving faster than legacy endpoint detection solutions can identify and stop them
• Having 100% of end users covered is crucial
• The goal is disabling malware, not removing it.
15. Fraud Intelligence – Do you know if there are…
• Suspicious connections to your portals?
• Similar domains to yours on the web?
• Social media profiles using your brands that you didn't create?
• Unauthorized applications with your brand imagery on app stores?
• Spoofers of your domains sending fake messages?
16. When Every Other Protection Layer Breaks Down
• What if insiders disable all of your protection methods?
• What if social engineering tricks your employees into enabling an attack?
• What if the problem is at another, less secure bank processing a transaction along with yours?
18. A spelling mistake in a transaction order, noticed by a bank employee, raised a red flag and stopped millions more dollars from being stolen. Machine learning can automate the discovery of, and alerting on, such errors.
19. Manually updating lists of known or suspected fraudulent destinations, and the bank accounts tied to them, is no longer enough.
20. Rules for what you've seen before; machine learning and heuristic analysis to predict future fraud.
22. Filters and Rules
How to detect fraudulent transactions & activities
• First Stage: Location Deviation, Time Deviation
• Second Stage: Behavior Heuristic Engine
• Third Stage: Suspicious Activity Analyzers
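The three-stage pipeline on this slide, together with the spelling-mistake red flag from slide 18 and the automatic list updates from slide 19, as an added worked example. This is illustration code written for this page, not DetectTA or any other Easy Solutions code; the transfer field names, the thresholds, the "normal" baseline and the four sample transfer orders are all constructed assumptions, chosen so that each stage fires at least once.

```python
"""Three-stage transfer screening: filters, heuristic scoring, activity analyzers.

Illustration written for this page (not DetectTA). Field names, thresholds,
the baseline and the sample transfers below are all constructed assumptions.
"""
from datetime import datetime
from difflib import SequenceMatcher
from statistics import mean, pstdev

# Constructed baseline for one originating account: what "normal" has looked like.
BASELINE = {
    "business_hours": (8, 18),                      # local hours when transfers are usually initiated
    "usual_countries": {"US", "GB", "DE"},          # beneficiary-bank countries seen before
    "known_beneficiaries": {"Acme Holdings Ltd", "Global Shipping Foundation"},
    "recent_amounts": [120_000, 95_000, 150_000, 110_000, 130_000],
}

# Constructed sample transfer orders (simplified MT103-style fields), in arrival order.
TRANSFERS = [
    {"id": "T1", "when": "2016-02-04T10:15:00", "country": "GB",
     "beneficiary": "Acme Holdings Ltd", "amount": 125_000},
    {"id": "T2", "when": "2016-02-04T23:40:00", "country": "PH",
     "beneficiary": "Global Shipping Fandation", "amount": 20_000_000},
    {"id": "T3", "when": "2016-02-04T23:42:00", "country": "LK",
     "beneficiary": "Unknown Trading Co", "amount": 30_000_000},
    {"id": "T4", "when": "2016-02-04T23:45:00", "country": "PH",
     "beneficiary": "Acme Holdings Ltd", "amount": 130_000},
]


def stage1_filters(t, baseline):
    """First stage: cheap deterministic filters for time and location deviation."""
    flags = []
    hour = datetime.fromisoformat(t["when"]).hour
    lo, hi = baseline["business_hours"]
    if not lo <= hour < hi:
        flags.append("time_deviation")
    if t["country"] not in baseline["usual_countries"]:
        flags.append("location_deviation")
    return flags


def stage2_heuristic(t, baseline):
    """Second stage: behavioural heuristic, the amount's z-score against recent history."""
    amounts = baseline["recent_amounts"]
    mu, sigma = mean(amounts), pstdev(amounts)
    return round((t["amount"] - mu) / sigma, 2) if sigma else 0.0


def closest_known_beneficiary(name, known):
    """Return the known beneficiary most similar to `name`, with the similarity ratio."""
    best, score = None, 0.0
    for k in known:
        s = SequenceMatcher(None, name.lower(), k.lower()).ratio()
        if s > score:
            best, score = k, s
    return best, score


def stage3_analyzers(t, baseline, flagged_destinations):
    """Third stage: suspicious-activity analyzers. A near-miss beneficiary name is the
    automated form of the spelling-mistake red flag; the destination list is the one
    screen() updates automatically instead of a hand-maintained list."""
    findings = []
    name = t["beneficiary"]
    if name not in baseline["known_beneficiaries"]:
        match, score = closest_known_beneficiary(name, baseline["known_beneficiaries"])
        if 0.8 <= score < 1.0:   # assumed threshold: close enough to look like a typo
            findings.append(f"beneficiary_near_miss:{match}")
        else:
            findings.append("new_beneficiary")
    if t["country"] in flagged_destinations:
        findings.append("listed_destination")
    return findings


def screen(transfers, baseline, flagged_destinations=()):
    """Run all three stages over a batch and compound the evidence into one verdict.
    Returns (per-transfer results, updated flagged-destination set)."""
    flagged = set(flagged_destinations)
    results = {}
    for t in transfers:
        flags = stage1_filters(t, baseline)
        z = stage2_heuristic(t, baseline)
        findings = stage3_analyzers(t, baseline, flagged)
        # Assumed scoring: one point per filter hit or finding, two for an extreme amount.
        score = len(flags) + (2 if abs(z) > 3 else 0) + len(findings)
        verdict = "HOLD" if score >= 3 else "REVIEW" if score >= 1 else "PASS"
        results[t["id"]] = {"flags": flags, "z": z, "findings": findings,
                            "score": score, "verdict": verdict}
        if verdict == "HOLD":
            # Automatic list update: the held transfer's destination is flagged for
            # every later order in the batch, so evidence compounds across orders.
            flagged.add(t["country"])
    return results, flagged


if __name__ == "__main__":
    results, flagged = screen(TRANSFERS, BASELINE)
    for tid, r in results.items():
        print(tid, r["verdict"], r["score"], r["flags"], r["findings"], "z=%.2f" % r["z"])
    print("flagged destinations after batch:", sorted(flagged))
```

Run as written, T1 passes, T2 is held on all three stages (out-of-hours, unusual destination, an amount far outside history, and a beneficiary name one edit away from a known one), T3 is held as a new beneficiary at another unusual destination, and T4, which on its own would only be a two-point REVIEW, is held because T2's destination was added to the flagged list a few seconds earlier. That last case is the practical difference between a hand-maintained destination list and one the pipeline updates itself. The near-miss check only catches misspellings of names the bank has already paid; a real deployment would build the baseline from historical traffic rather than a hard-coded dictionary.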
23. Taking a complete approach
• Behavioral learning to react faster to new fraud strategies
• Rules and Suspicious Activity Analyzers
• Keep your best performing rules while leveraging heuristics for everything else
• Complete solution for fraud management
24. In Review
Stopping SWIFT attacks in the future
• Anomaly detection
• Automated predictions through machine-based learning
• Automatic list updates of suspicious fraudulent accounts/destinations
• Compounded evaluations
• All a part of DetectTA from Easy Solutions