Global bank messaging system SWIFT calls in help to bolster cyber defences

By Huw Jones

LONDON (Reuters) - SWIFT, a messaging system used by banks across the world, announced further steps on Monday to bolster its defences against hackers, after criminals sent fraudulent payment instructions across its network.

The Society for Worldwide Interbank Financial Telecommunication said it has hired two outside cyber security firms, BAE Systems and Fox-IT2, to reinforce in-house expertise, and has set up a team to share cyber defence "best practice" among its customers.

In February, thieves hacked into the Bangladesh central bank's interface with SWIFT's network, which is a pipeline for transferring funds and the backbone of international finance.

They sent payment instructions to the Federal Reserve Bank of New York, telling it to transfer $951 million from Bank Bangladesh's account to accounts in the Philippines. Most of the transactions were blocked but four went through, amounting to $81 million that remains missing.

SWIFT, a Belgium-based co-operative owned by its users, had already unveiled measures to tighten up security.

On Monday it announced it was also setting up a Forensics and Customer Security Intelligence team to investigate security incidents at customers.

The team will help in the collection and sharing of anonymised information with customers on how best to deal with hackers.

SWIFT Chief Technology Officer Craig Young said information from banks that have been subject to fraud attempts was crucial for identifying new malware.

"We therefore continue to remind customers that they are obliged to inform SWIFT of such incidents as soon as possible, and to proactively share all relevant information with us so we can assist all SWIFT users," Young said in a statement.

SWIFT said its information-sharing initiative has grown significantly since its launch, and now includes detailed intelligence and analysis on the modus operandi of attackers in recent customer fraud cases.

"In addition SWIFT has published an inventory containing some of the specific malware used in reported attacks, as well as indicators of compromise (IoCs) that SWIFT has developed to assist other customers in detecting threats operating in their environments," the company said.

(Reporting by Huw Jones; Editing by Susan Fenton)