Written by Steve Schramm
“Forensic experts believe this to be part of a wider and highly adaptive campaign targeting banks.”
Banks concerned about the recent SWIFT breaches look to Guardian Analytics for immediate alerts on suspected intrusions. According to news reports, the thieves in these intrusions obtained fraudulent user credentials and used them to submit fraudulent SWIFT messages that correspond to money transfers out of the bank. Further, the criminals used malware to mask their activities by inserting a Trojan into the PDF reader that validates the transaction. The rule-based PDF reader verification was defeated by the criminals and could not detect the fraudulent transaction. As the criminals demonstrated, the user credentials and rule-based systems provided inadequate protection for the banks.
No matter how many controls are in place, hackers are proving they have the ability and sophistication to use malware to breach bank systems, stealing hundreds of millions of dollars. In a recent post to their website, SWIFT shared the following:
“Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks. In both instances, the attackers have exploited vulnerabilities in banks funds’ transfer initiation environments, prior to messages being sent over SWIFT. The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process. In a second step, they have found ways to tamper with the statements and confirmations that banks would sometimes use as secondary controls, thereby delaying the victims’ ability to recognise the fraud.”
The possibility that more banks could be targeted is high, considering SWIFT announced a second bank under attack in just three months.
Guardian Analytics has the answer.
Guardian Analytics uses behavioral analytics to model activity and detect anomalies for both originators and recipients, applying its patented, innovative technology to proactively detect fraudulent transactions before they leave the bank. Rules that look for specific malware, fraud indicators or fraud patterns depend on things that are all changing too rapidly for most institutions to keep up. Behavioral analytics instead combines knowledge about fraud with activity monitoring and anomaly detection to determine whether the behavior is expected and legitimate. Guardian Analytics creates behavioral models for each originator and recipient, updates the probability assessment with each action taken, and provides the bank with real-time scoring to indicate whether a particular money transfer should be permitted or held and investigated.
In this way, Guardian Analytics ensures the bank is immediately notified of a suspicious money transfer request, even if the user credentials and other rule-based defenses are compromised or a wire is fraudulently assigned to an originator.