SWIFT, the global financial network that banks use to transfer billions of dollars every day, warned its customers on Monday that it was aware of "a number of recent cyber incidents" where attackers had sent fraudulent messages over its system.
The disclosure came as law enforcement authorities in Bangladesh and elsewhere investigated the February cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve Bank.
SWIFT
has acknowledged that the scheme involved altering
SWIFTsoftware on Bangladesh Bank's computers to hide evidence of fraudulent transfers.
Monday's statement from
SWIFT
marked the first acknowledgment that the Bangladesh Bank attack was not an isolated incident but one of the several recent criminal schemes that aimed to take advantage of the global messaging platform used by some 11,000 financial institutions.
"SWIFT
is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit
SWIFT
messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the
SWIFT
network," the group warned customers on Monday in a notice seen by Reuters.
The warning, which
SWIFT
issued in a confidential alert sent over its network, did not name any victims or disclose the value of any losses from the previously undisclosed attacks.
SWIFT confirmed to Reuters the authenticity of the notice.
SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a cooperative owned by 3,000 financial institutions.
Also on Monday,
SWIFT
released a security update to the software that banks use to access its network to thwart malware that security researchers with British defense contractor BAE Systems said were probably used by hackers in the Bangladesh Bank heist.
BAE's evidence suggested that hackers manipulated
SWIFT's Alliance Access server software, which banks use to interface with
SWIFT's messaging platform, to cover their tracks.
BAE said it could not explain how the fraudulent orders were created and pushed through the system.
But
SWIFT
provided some evidence about how that happened in its note to customers, saying that in most cases the modus operandi was similar.
It said the attackers obtained valid credentials for operators authorized to create and approve
SWIFT
messages, then submitted fraudulent messages by impersonating those people.
FireEye, the internet security company whose Mandiant unit was hired by Bangladesh Bank to help investigate the heist, said the same group behind that hack had probably attacked other financial targets.
"FireEye has observed activity in other financial services organizations that are likely by the same threat actor behind the cyber attack on the Bank of Bangladesh," Vivek Chudgar, Mandiant's senior director for the Asia Pacific said in a statement emailed to Reuters.
FireEye declined to go into detail.
Rakesh Asthana, the World Informatix Cyber Security CEO, who is overseeing Bangladesh Bank's probe into the hack, declined to discuss the other attacks that
SWIFT
referred to.
He did, though, urge banks to conduct independent security assessments to make sure their networks are secure and prevent future attacks.
"SWIFT
builds on security practices established by the customer itself and therefore it is imperative that in the wake of this attack, customers using
SWIFT
Alliance Access must strengthen their cyber security posture," Asthana said
FOLLOWING THE MONEY
Cyber security experts said more attacks could surface as
SWIFT's banking clients look to see if their
SWIFT
access has been compromised.
Shane Shook, a banking security consultant who investigates large financial crime, said hackers were turning to
SWIFT
and other private financial messaging platforms because such attacks can generate more revenue than going after consumers or small businesses.
"These hacks specifically target financial institutions because smaller efforts result in much larger thefts," he said. "It's much more efficient than stealing from consumers."