According to reports emerging today, SWIFT “is aware of a number of recent cyber incidents” involving the hacking of SWIFT software, and has urged 11,000 financial institutions to update their software with a new security update it released on Monday.
SWIFT has been the focus of intense scrutiny since the theft of US$81m from the Bangladesh Central Bank’s account at the New York Federal Reserve in February this year, apparently via exploitation of security vulnerabilities within Bangladesh Central Bank and the SWIFT software they use.
It is now emerging that, in addition to weaknesses within the SWIFT ‘Alliance Access’ software, the bank also had no firewall security and used consumer-grade second-hand network equipment, leaving it highly susceptible to hacking.
But today’s statement from SWIFT is the first formal acknowledgement that its network could have been exploited not just once but potentially numerous times. It comes after thorough investigations by BAE Systems, a British defence contractor, and the Bangladesh Government to identify all the security vulnerabilities that led to the successful exploitation.