BAE Systems discovers banking malware that compromised Swift

The Swift (Society for Worldwide Interbank Financial Telecommunication) system has apparently fallen victim to the same sophisticated hacking scheme that was used to disrupt the Bangladesh central bank last month.

The cyberattack in Bangladesh resulted in a loss of $951 million from the central bank's account at the Federal Reserve in New and it now seems likely, thanks to new research from BAE Systems, that Swift was also compromised during the attack.

During their investigation of the attack, security researchers at the company found a hidden piece of malware that led to a loss of $81 million. It was previously believed that the cybercriminals had attacked the central bank of Bangladesh primarily to steal the credentials that would give them access to its accounts at the Federal Reserve. However, BAE Systems' researchers now think that Swift was compromised as a means of erasing the records of the malicious financial transfers.

Swift has done its best to reassure banks and other financial institutions that its system is still secure. The company has issued an emergency software update that will be released soon, and it has also sent out a 'special warning' to encourage financial firms to review the security procedures they currently have in place.

The researchers at BAE Systems found that the malware used in the attack was able to manipulate a Swift client known as 'Alliance Access'. This has led many to believe that other vulnerabilities exist within the messaging software that could make other systems prone to cyberattacks.

Sergei Shevchenko, a cyber threat researcher at BAE Systems, thinks that the attack in Bangladesh could be a blueprint for future attacks: “This malware was written bespoke for attacking a specific victim infrastructure, but the general tools, techniques and procedures used in the attack may allow the gang to strike again.

“All financial institutions who run Swift Alliance Access and similar systems should be seriously reviewing their security now to make sure they too are not exposed.”
