Printed from BusinessInsurance.com

Banks scrutinize SWIFT security after hacks

Posted On: May. 18, 2016 12:00 AM CST

(Reuters) — Major U.S. banks are scrutinizing security of the SWIFT messaging network following cyber attacks in Bangladesh and Vietnam involving fraudulent transfer requests, according to media reports on Tuesday.

JPMorgan Chase & Co. has limited SWIFT access to some employees amid questions about the breaches at two Asian banks, The Wall Street Journal reported, citing people familiar with the matter.

The actions are not tied to a specific concern about JPMorgan's vulnerability to SWIFT, but are part of its policy to review user access to certain systems following news of a security threat, The Wall Street Journal said, citing a person familiar with the bank.

Representatives with JPMorgan could not immediately be reached for comment.

Brussels-based SWIFT is a cooperative owned by some 3,000 global financial institutions.

Separately, Bloomberg News reported that major U.S. banks want SWIFT to boost security in the wake of the attacks, which involved fraudulent transfer requests sent over SWIFT's private bank messaging system.

Some U.S. banks want to discuss with SWIFT whether it responded quickly enough to the breaches and if it should help banks better secure their systems, Bloomberg cited one unidentified source as saying.

Some U.S. banks expect SWIFT to come up with a technological solution to reduce the risk of further attacks, the report cited a second unidentified source as saying.

SWIFT codes for at least seven international banks were written into malware used in an attack that Vietnam's Tien Phong Bank disclosed over the weekend, Bloomberg reported, citing a private report published by BAE Systems P.L.C.

The malware was configured to hide transaction messages involving those banks, Bloomberg reported. It said they included Industrial & Commercial Bank of China Ltd., Bank of Tokyo Mitsubishi UFJ Ltd., UniCredit SpA, Australia & New Zealand Banking Group Ltd, United Overseas Bank Ltd of Singapore, South Korea's Kookmin Bank and Japan's Mizuho Bank Ltd.

The revelations that such banks were mentioned in the code raised concerns of global lenders because they show that the attackers were not focusing solely on small banks in developing nations, Bloomberg reported, citing people familiar with several banks in the U.S. and Europe.

A SWIFT spokeswoman declined comment on both reports.