The SWIFT global financial network on Monday warned its customers of past cyber fraud incidents in which hackers appeared to have sent bogus messages over its communication system.
According to a Reuters report, the warning was issued while Bangladesh authorities and others follow up on their investigation of an $81 million theft from that country's central bank account at the New York Federal Reserve Bank that occurred in February.
"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the network stated in a notice.
The messaging services of SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, enable secure, seamless, and automated financial communication between users in more than 11,000 financial institutions in more than 200 countries,
according to its website.
In the Bangladesh heist,
Gizmodo.com explained, hackers used a malware program called evtdiag.exe, which allowed them to change records on SWIFT databases in order to hide what they were doing.
The malware allows suspects to delete records of transfer requests, intercept messages about payments, and manipulate the displayed account balances to cover a perpetrator's tracks.
"Whilst we keep all our interface products under continual review and recommend that other vendors do the same, the key defense against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems," SWIFT spokeswoman Natasha Deteran told Reuters.
BAE's head of threat intelligence, Adrian Nish, said that malware used in the Bangladesh heist was the most sophisticated he had ever seen.
"I can't think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in," Nish told Reuters. "I guess it was the realization that the potential payoff made that effort worthwhile."