UK banks ordered to review cybersecurity after SWIFT heist

  • TECH
  • Thursday, 19 May 2016

Strengthening cybersecurity: The Bank Of England sent the request to update cybersecurity measures to all the banks it regulates.

LONDON: The Bank of England ordered UK banks to detail steps taken to secure computers connected to the SWIFT bank messaging network about two months after a still-unidentified group used the system to steal US$81mil (RM329.6mil) from Bank Bangladesh, according to three people familiar with the effort.

The central bank sent the request to update cybersecurity measures to all banks it regulates in mid-to-late April, according to these people, who were not authorised to discuss the confidential communications.

The previously unreported action marks the earliest known case of a central bank in a major economy to order its member banks to conduct a formal security review in response to the Bangladesh theft, which has shaken the global system for transferring money among both commercial and central banks. 

The Bank of England, one of the G10 central banks that oversee Brussels-based SWIFT, said it had no immediate comment.

The FBI, authorities in Dhaka and private forensic experts are investigating the February cyber heist in Bangladesh where thieves raided a central bank account kept at the Federal Reserve Bank of New York, stealing US$81mil (RM329.6mil). They installed malware inside the bank's Dhaka headquarters that hid traces of their attack in a bid to delay discovery so they could access the funds, according to police and private security firms.

The Bank of England told banks to conduct a "compliance check" to confirm whether they are following security practices recommended by SWIFT, which the firm recently reissued to members in the wake of the February heist, one of the people said.

SWIFT declined to comment. The group has previously declined to release those guidelines, which were issued in private communications.

The checks called for by the Bank of England include conducting what are known as user entitlement reviews, which ensure that only authorised staff have access to SWIFT applications and the service's messaging gateway, that person said.

Banks were also told to review computer logs for digital evidence known as "indicators of compromise," including IP addresses and email addresses linked to recent attacks.

Those indicators include technical details included in reports from several private cybersecurity firms, including Britain's BAE Systems PLC.

The communication from the Bank of England asked banks to respond by early May and provide details about plans for installing a security update to SWIFT Alliance Access software, according to the person. The messaging group last month released the update and asked members to install by May 16.

Meanwhile, Sweden's Riksbank on Wednesday called on all users of the central bank's RIX payments system for large transaction to follow the SWIFT recommendations, a central bank spokesman told Reuters.

Earlier this week, Singapore's central bank asked banks to maintain a high level of security for their critical IT systems following recent cyberattacks using the SWIFT financial messaging system.

In the Philippines, a senior central bank official said on Tuesday that regulators were crafting regulations to help banks and other financial institutions fend off cyber heists and minimise damage after any systems breach. —  Reuters

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Poland's CD Projekt works on game outside The Witcher and Cyberpunk franchises
Musk plans to go ahead with original price of $54.20 a share for Twitter- Bloomberg
Gopuff partners with Grubhub for grocery delivery
Amazon faces fines of up to $200,000 in Russia over banned content -agencies
Meta pushes Reels monetization with new ad formats
France's Atos to complete split by mid-2023 'at the earliest'
Semiconductor shares jump after EU introduces single charging port
White House guidelines for AI aim to mitigate harm
Envision sees cost of electric cars at parity by 2025/26
Court backs Twitter over complaint from conspiracy-plagued Dutch town

Others Also Read