Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Could the Attacks on the SWIFT Network Have Been Prevented?


Published on

Evidence is mounting that the ecosystem surrounding SWIFT transfers is vulnerable to fraud. While it uses a private network, SWIFT is still a messaging system and therefore an avenue for cybercriminals to launch a wide range of electronic attacks. With the launching of SWIFT Web access end customers become more attractive targets, which may lead to more attacks as criminals start phishing campaigns to compromise SWIFT credentials.

Published in: Technology
  • Excellent presentation and well in time.I request you to mail it me on Thanking in anticipation.
    Are you sure you want to  Yes  No
    Your message goes here

Could the Attacks on the SWIFT Network Have Been Prevented?

  1. 1. How to Prevent SWIFT Network Attacks Paul Wilson Product Manager
  2. 2. AGENDA • Recent attacks on the SWIFT network • What are the SWIFT network’s vulnerabilities? • Could the attacks on the SWIFT network have been prevented? • How to quickly detect and stop fraudulent financial activity
  3. 3. 3 Cybercriminals attempted to steal US$1 billion in an attack on a Bangladeshi bank
  4. 4. 4 Highly Unusual Malware Used – mscoutc.exe • Used a vulnerability in a common pdf reader as attack vector • Deleted configuration and log files • Uses wipe-out techniques to prevent files from being recovered forensically • File-delete function • Manipulated printers to prevent SWIFT network confirmation messages from being received • Identical to Sony hack attack techniques
  5. 5. 5 Hackers steal US$9 Million from Ecuadorean bank via SWIFT
  6. 6. 6 These are just the attacks that have been made public through journalists and court records.
  7. 7. 7 The SWIFT network is a messaging system at its core.
  8. 8. 8 SWIFT recently launched a web access portal • SWIFT has noted that the network itself wasn’t compromised • ”…the attackers have exploited vulnerabilities in banks funds’ transfer initiation environments, prior to messages being sent over SWIFT.”
  9. 9. What SWIFT Says 9 “Please remember that as a SWIFT user you are responsible for the security of your own systems interfacing with the SWIFT network and your related environment – starting with basic password protection practices – in much the same way as you are responsible for your other security considerations.”
  10. 10. 10 • SWIFT has noted that the network itself wasn’t compromised • ”…the attackers have exploited vulnerabilities in banks funds’ transfer initiation environments, prior to messages being sent over SWIFT.” Insiders are also a threat • Malware was designed just for the bank attacked in Bangladesh, defeating systems and checks • The SWIFT attacks have been so sophisticated and complex that it is surmised that an employee must have collaborated with the cybercriminals.
  11. 11. 11 Could the SWIFT Attacks Have Been Prevented?
  12. 12. 12 You may not know what future attacks will look like, but you can still make them harder for cybercriminals to launch.
  13. 13. 13 Multi-Factor Authentication – The Bare Minimum
  14. 14. 14 Malware Detection and Mitigation beyond Blacklists • Threats are moving faster than legacy endpoint detection solutions can identify and stop them • Having 100% of end users covered is crucial • The goal is disabling malware, not removing it.
  15. 15. 15 Fraud Intelligence – Do you know if there are… Suspicious connections to your portals? Similar domains to yours on the web? Social media profiles using your brands, that you didn’t create? Unauthorized applications with your brand imagery on app stores? Spoofers of your domains sending fake messages?
  16. 16. 16 16 • What if insiders disable all of your protection methods? • What if social engineering tricks your employees into enabling an attack? • What if the problem is at another less secure bank processing a transaction along with yours? When Every Other Protection Layer Breaks Down
  17. 17. 17 All wire transactions passing from one bank account to another through SWIFT must be recorded, tracked and contextualized.
  18. 18. 18 A spelling mistake in a transaction order, noticed by a bank employee, raised a red flag. It stopped millions of more dollars from being stolen. Machine learning can automate the discovery and alerting of such errors.
  19. 19. 19 Manually updating lists of known or suspected fraudulent destinations, and the bank accounts tied to them, is no longer enough.
  20. 20. 20 Rules for what you’ve seen before, machine learning and heuristic analysis to predict future fraud.
  21. 21. 21 Compound Evaluations Events that might not indicate fraud by themselves may indicate it when found together.
  22. 22. Filters and Rules How to detect fraudulent transactions & activities First Stage Second Stage Third Stage Location Deviation Time Deviation Behavior Heuristic Engine Suspicious Activity Analyzers
  23. 23. Taking a complete approach • Behavioral Learning to react faster to new fraud strategies • Rules and Suspicious Activity Analyzers • Keep your best performing rules while leveraging heuristics for everything else • Complete Solution for Fraud Management 23
  24. 24. In Review Stopping SWIFT attacks in the future • Anomaly detection • Automated predictions through machine-based learning • Automatic list updates of suspicious fraudulent accounts/destinations • Compounded evaluations • All a part of DetectTA from Easy Solutions
  25. 25. Thank You Questions? Paul Wilson