Most recent

SWIFT Cyber-Attackers Strike Again - Organizations Must Turn to the Software Defined Perimeter

By Yossi Carmon

SWIFT software defined perimeterCyber-attacks targeting the SWIFT inter-bank transfer system have blighted the financial services industry worldwide over the past two years. Now yet another major attack has been foiled after Malaysia’s central bank blocked an attempted fraudulent transfer of funds via SWIFT. 

The message to financial institutions is clear: hackers are everywhere, they know your networks inside out, and they are evolving their tools and techniques each day to maximize their chances of success.


You must do the same with advanced tools to isolate key networks, devices and services. By investing in Software Defined Access, you only expose your key assets on-demand for authenticated users. Its technology is as ubiquitous as the firewall, because if you can’t be seen, you can’t be hacked.

One More for the List

In the end, Bank Negara Malaysia claimed it “detected and foiled” the unauthorized fund transfers, which were made via fraudulent SWIFT messages. Others have not been so fortunate. SWIFT – the Society for Worldwide Interbank Financial Telecommunications – is an industry standard way for banks, trading houses, securities dealers, money brokers and more to securely transmit information and instructions through a standardized system of codes.

As such, it lies at the heart of the banking network and has become a major target over the past couple of years, costing organizations hundreds of millions:

  • In February 2016, alleged North Korean hackers stole an estimated $81m from Bangladesh Bank’s account at the New York Federal Reserve Bank. It could have been far worse ($1bn) had a spelling mistake not raised suspicion about the SWIFT transfers.
  • In June 2016, Hackers made off with $10m from an unnamed Ukrainian bank, again via SWIFT.
  • In October 2017, attackers stole $60m from the Far Eastern International Bank in Taiwan by planting malware which harvested key credentials to the SWIFT terminal.
  • In February 2018, hackers stole $6 million from an unnamed Russian bank via the SWIFT system by gaining unauthorized access to a computer inside the targeted organization.
  • In the same month, India’s City Union Bank suffered a $2m loss after discovering three unauthorized SWIFT transfers.
  • Also in February 2018, it was revealed that Punjab National Bank may have suffered $1.7bn in losses as a result of fraudulent transactions, potentially with the help of insiders.

Whilst acknowledging the run of incidents, SWIFT itself has laid the blame for the attacks on the institutions themselves, claiming they need to improve their processes and cyber-defences. In some cases, we know that, thanks to lax security, hackers managed to compromise a key SWIFT server with customized malware.

Anyone can be a hacker today. They range from the script kiddies who use ready-made tools and scripts to make a name for themselves, to highly motivated, well-resourced groups prepared to spend months researching their targets and developing malware and attack techniques. The SWIFT attackers were the latter. Many will use the kind of client devices, network scanners and development environments not uncommon in regular IT departments. They may even use the same pen testing and vulnerability scanning tools, which automate and rapidly accelerate the discovery of gaps in protection.  

What We Should Learn from the SWIFT Attacks

The lessons we can learn from these attacks are relevant not just to financial institutions, but organizations in virtually all verticals, even smaller businesses:

  • Anyone can be a hacker today.
  • Hackers know your business inside out and will use that knowledge to craft custom malware and attacks to circumvent your defences and hijack business processes.
  • They know your network and where it is weakest, thanks to detailed reconnaissance.
  • Attacks are inevitable. No business is too small: every organization is a potential target.
  • The bad guys are evolving but the white hats aren’t keeping pace with investments of their own. The stakes are too high to fall behind in this cyber-arms race.

If You Can’t Be Seen, You Can’t Be Hacked

So, what can organizations do to fight back?

Gartner claims that current perimeter designs present too much risk by exposing organizations’ digital assets to the world. These network designs are obsolete and should be replaced by the notion of a Software Defined Perimeter (SDP), it argues.

Instead of statically exposing and publishing network, data and services and then building security on top of that to stop the black hats, the idea is to hide these assets completely from the internet. Then, when it’s necessary, you expose them on-demand for authenticated users. This massively reduces an organization’s attack surface, because what the hackers can’t see, they can’t attack. These network isolation tools are mandatory and are as common today as firewalls demonstrating how fundamentally important they are to your cybersecurity.

The On-Demand Perimeter

Safe-T’s Software Defined Perimeter (SDP) architecture is the foundation for its Secure Application Access solution. SDP offers organizations an opportunity to create an On-Demand Perimeter: allowing you to automate the authentication and access of users to applications and data in a dynamic fashion.

The Safe-T Software Defined Perimeter offers maximum protection for published services (including Web, RDP, NTFS, Email, and more) and supports protocols including HTTP/S, RDH5, WebDAV, etc. With SDP there’s no need to install client software or use a VPN. You get a complete remote access suite for users and partners to access internal services on-demand — with those key services hidden from the world.

The hackers have upped their game in recent years. Now it’s our turn.

Software Defined Access

All posts

Get Email Updates

Sign up for our monthly newsletter and latest blog posts....keep up to date on the latest security data news!