SWIFT, a cooperative owned by 3,000 financial institutions, confirmed that it was aware of malware targeting its client software. Its spokeswoman Natasha Deteran said SWIFT on Monday released a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures.
The developments coming to light the unprecedented cyber-heist suggest that a lynchpin of the global financial system could be more vulnerable than previously understood because of weaknesses that enabled attackers to modify a SWIFT software program installed on bank servers.
The new evidence suggests that hackers manipulated the Alliance Access server software, which banks use to interface with SWIFTs messaging platform, in a bid to cover up fraudulent transfers that had been previously ordered.
The findings from British defense contractor BAE System and SWIFT do not explain how the fraudulent orders were created and pushed through the system. That remains a key mystery in ongoing probes into the heist.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now