International financial messaging and information company SWIFT, stung by a cyber attack earlier this year that used its payment platform, has hired two security firms to beef up its anti-fraud efforts.
SWIFT’s network itself was not breached in the attack on the Bangladesh central bank in February but security experts believe the thieves modified the software that banks use to interface with SWIFT so they could make fraudulent transfers from the bank’s account at the Federal Reserve of New York and hide the evidence.
In the wake of the attack, the company unveiled a new security program for customers. On Monday, it announced it had hired U.K.-based BAE Systems and Fox-IT Security of the Netherlands to work alongside a new in-house team of security experts.
The outside firms “will complement SWIFT’s in-house cyber security expertise and work closely with SWIFT’s newly formed Customer Security Intelligence team to support SWIFT’s customer information sharing initiative and to help strengthen cyber security across the global SWIFT community,” the company said in a news release.
BAE Systems, a defense and aerospace company, provides cyber security tools, information technology, intelligence and analytical tools through its Intelligence and Security division, while Fox-IT offers consulting, IT products and training.
“BAE Systems knows SWIFT’s network well, having published independent reports on [recent] attacks, in particular one against a bank in Vietnam,” PCWorld said.
Of the $101 million that the cyber-thieves stole from Bangladesh Bank, about $20 million has so far been recovered. According to Bangladesh police, the bank’s computer security measures were seriously deficient, but bank officials have said SWIFT technicians introduced security holes into the bank’s network.
SWIFT said Monday it will continue to gather and share anonymized customer security information with its community to help prevent future fraud cases and facilitate information- sharing on best practices and innovation in cyber defense.
“Customer intelligence, including intelligence related to attacks that have ultimately failed, is crucial to helping us continue protecting our community,” Chief Technology Officer Craig Young said.