Following the theft of millions of dollars from Bangladesh Bank via the international financial messaging system SWIFT, US banking regulators have outlined steps to tighten cyber-security at the nation’s banks.
US banking regulators issued a joint letter outlining ways they would tighten cyber-security around the nation’s banks that interact with the international financial messaging system SWIFT.
The letter, according to The Wall Street Journal, was sent Wednesday to Rep. Carolyn Maloney (D-NY), who serves on the House Financial Services Committee and who raised questions regarding the massive $81 million cyberheist from Bangladesh Bank in February.
That attack apparently built on similar attacks against a bank in Ecuador in January last year and a Vietnam commercial bank in December, which also communicated with SWIFT, noted The Journal.
SWIFT, the Society for Worldwide Interbank Financial Telecommunication, reportedly does not have the vulnerability in its own system; rather, cyber-criminals have been exploiting vulnerabilities in the way banks initiate their funds transfer process with SWIFT.
The letter, according to The Journal, was signed by the Federal Reserve, the Federal Deposit Insurance Corp. (FDIC), and the Office of the Comptroller of the Currency (OCC) and carried a timeline:
May 18: The FDIC issued an internal SWIFT threat alert and instructed examiners to conduct an “expanded review of cyber controls related to SWIFT or any wholesale payment system at future examinations.”
May 25: The Federal Reserve disseminated an internal alert to Fed banking supervisors requesting that they ensure institutions that dealt with SWIFT were adequately finding ways to address cyberthreats.
June 1: The FDIC issued guidance to banks regarding mitigation steps the institutions could take to avoid malware that targeted SWIFT software and to avoid cyberthreats.
June 7: Bank regulators issued reminders to financial institutions to actively monitor risks associated with their interbank messaging systems. Bank regulators also told examiners within their own ranks to keep a closer eye on these issues regarding the banks that they supervised.
July 21: The OCC issued a “supervision tip” to its examiners. These types of tips are considered rare and are meant to delve into the background of an issue and provide recommended steps for action.
In addition to the letter banking regulators sent to Maloney, in June a congressional committee launched a probe into the way the Federal Reserve Bank in New York handled the massive heist, according to a CNBC report. The New York Fed maintains accounts for the Bangladesh Bank.
Senior representatives from the New York Fed, Bangladesh Bank, and SWIFT met in New York to continue to discuss the cybertheft at India’s central bank. The group issued a statement on Tuesday, saying:
The parties discussed certain technical details of the February event to enhance their mutual understanding of how the fraud occurred, and further discussed steps that have been and will be taken to remediate the event and place Bangladesh Bank’s account at the New York Fed on a path to more normalized long-term operations. The participants remain concerned about this event and recommitted to working together to recover the entire proceeds of the fraud as expeditiously as possible, bring the perpetrators to justice in cooperation with law enforcement from other jurisdictions, and lend support to multilateral international efforts to further protect the global financial system from these types of attacks in the future.
In addition to the millions of dollars that were taken, concerns arose that the cyber-criminals may also be willing to engage in physical violence. A cyber-security researcher investigating the Bangladesh Bank heist was abducted and found a week later wandering the streets, according to an International Business Times report.