‘It’s bad enough that one hacker group has been wreaking havoc on banking systems worldwide, but it’s apparently getting worse. Security firm Symantec reports that a second group, Odinaff, has infected 10 to 20 of its customers with malware that can cover up bogus money transfer requests sent through the ubiquitous SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging system.’ – Engadget
From the day the first news emerged about the Bangladesh Bank losing 81 million USD (and barely avoiding the 1 billion jackpot loss), SWIFT has been accused of weak cybersecurity countermeasures and controls. While these accusations might have contained some truth, they came mostly from financial institutions that had been robbed by cyber criminals before. These organizations might have thought that having SWIFT carry the can sounded like a good strategy to deflect customers’ attention away from their own mistakes.
Because basically, it is the bank and its IT systems where the whole thing typically starts taking root. It is their systems that cannot effectively filter out advanced malware, and it is their employees who are not resistant enough to phishing and social engineering.
Behind most of these attacks, there is the valid presumption that the cyber defense capabilities of the financial organizations attacked would not hold against a dedicated cyber adversary.
So I would start focusing on the targets of these attacks instead of SWIFT, asking them more about their own role in this mess, and stop shoveling sand against the cyber tide.