
SWIFT Bank Network Hit by Multiple Cyber Fraud Attacks

April 26, 2016, 12:45 AM UTC

SWIFT, the global financial network that banks use to transfer billions of dollars every day, warned its customers on Monday that it was aware of “a number of recent cyber incidents” where attackers had sent fraudulent messages over its system.

The disclosure came as law enforcement authorities in Bangladesh and elsewhere continued to investigate the February cyber theft of $81 million from a Bangladesh Bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that the scheme involved altering SWIFT software on the bank’s computers to hide evidence of fraudulent transfers.

“SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network,” the group warned customers on Monday in a notice seen by Reuters.


The warning, which SWIFT issued in a confidential alert sent over its network on Monday, did not name any victims or disclose the value of any losses from the previously undisclosed attacks. SWIFT confirmed to Reuters the authenticity of the notice.

Also on Monday, SWIFT released a security update to the software that banks use to access its network.

SWIFT issued that update to thwart malware that security researchers with British defense contractor BAE Systems said was probably used by hackers in the Bangladesh Bank heist.

BAE’s evidence suggested that hackers manipulated SWIFT’s Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to cover their tracks.


BAE said it could not explain how the fraudulent orders were created and pushed through the system.

But SWIFT provided some evidence about how that happened in its note to customers, saying that in most cases the modus operandi was similar.

It said the attackers obtained valid credentials for operators authorized to create and approve SWIFT messages, then submitted fraudulent messages by impersonating those people.


SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a cooperative owned by 3,000 financial institutions. Its messaging platform is used by 11,000 banks and other institutions around the world and is considered a linchpin of the global financial system.

SWIFT spokeswoman Natasha Deteran told Reuters that the commonality in these cases was that internal or external attackers compromised the banks’ own environments to obtain valid operator credentials.

“Customers should do their utmost to protect against this,” she said in an email to Reuters.

SWIFT told customers that the security update must be installed by May 12.

“We have made the Alliance interface software update mandatory as it is designed to help banks identify situations in which attackers have attempted to hide their traces—whether these actions have been executed manually or through malware,” she said.