SWIFT, the messaging system used by 11,000 global financial institutions to transfer money, said on Thursday that it had yet again been hit by a malware attack on its systems.
“First and foremost we would like to reassure you again that the SWIFT network, core messaging services and software have not been compromised. We have however now learnt more about a second instance in which malware was used – again directed at banks’ secondary controls, but which in this instance targets a PDF Reader used by the customer to check its statement messages.
Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.
In both instances, the attackers have exploited vulnerabilities in banks’ funds transfer initiation environments, prior to messages being sent over SWIFT. The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process. In a second step, they have found ways to tamper with the statements and confirmations that banks would sometimes use as secondary controls, thereby delaying the victims’ ability to recognise the fraud.
The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.”
The latest findings from the company confirm that “malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network.”
“There is no evidence that the malware creates or injects new messages or alters the content of legitimate outgoing messages. This malware only targets the PDF reader in affected institutions’ local environments and has no impact on SWIFT’s network, interface software or core messaging services.
Customers that use PDF reader applications to check their confirmation messages should take particular care.”