Cyber Heist

Financial institutions are at risk of cyber heists. Hackers have stolen millions of dollars from financial institutions by gaining access to the SWIFT messaging system via malware. Once they have gained access, the hackers issue fraudulent SWIFT messages to steal funds held in correspondent accounts.

As Brussels-based SWIFT described it in its May 13, 2016 Customer Communication – Customer Security Issues:

[T]he attackers have exploited vulnerabilities in banks funds’ transfer initiation environments, prior to messages being sent over SWIFT. The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process. In a second step, they have found ways to tamper with the statements and confirmations that banks would sometimes use as secondary controls, thereby delaying the victims’ ability to recognise the fraud.

The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.

As a result, SWIFT advised that:

As a matter of urgency we remind all customers again to urgently review controls in their payments environments, to all their messaging, payments and ebanking channels. This includes everything from employee checks to password protection to cyber defences. We recommend that customers consider third party assurance reviews and, where necessary, ask your correspondent banks and service bureaux to work with you on enhanced arrangements.

Controls that include sophisticated state-of-the-art security systems and security procedures are necessary, but insufficient. Training of personnel is equally important. Human error may result in the introduction of malware into the payments environment. For example, an employee may click on a link or open an attachment sent by electronic mail, or may insert removable media (such as a thumb drive) that installs malware.

Additionally, fraud detection mechanisms should be included in security procedures vis-à-vis correspondent banks. The mechanisms designed to detect suspicious activity can serve to detect fraudulent payment orders. However, such mechanisms must be incorporated in new and existing correspondent relationship agreements. Doing so is one way to protect your financial institution from the risk of loss due to a cyber heist where fraudulent payment orders are inconsistent with the normal pattern of activity in the correspondent account.
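One way such a pattern check could look, as an added example that is not from the original article or from SWIFT: each new payment order is compared with the account's own history and held for out-of-band confirmation when it deviates. The field names, the threshold, and the sample orders (including the BIC-like codes) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

@dataclass(frozen=True)
class PaymentOrder:
    ref: str
    beneficiary: str      # beneficiary bank code (constructed values below)
    amount: float
    created: datetime     # order creation time, UTC

def build_baseline(history):
    """Summarise the normal pattern of activity for one correspondent account."""
    amounts = [o.amount for o in history]
    return {
        "beneficiaries": {o.beneficiary for o in history},
        "hours": {o.created.hour for o in history},
        "mean": mean(amounts),
        "stdev": pstdev(amounts),
    }

def review_reasons(order, baseline, z_limit=3.0):
    """Return the reasons an order is inconsistent with the baseline (empty if none)."""
    reasons = []
    if order.beneficiary not in baseline["beneficiaries"]:
        reasons.append("new_beneficiary")
    if order.created.hour not in baseline["hours"]:
        reasons.append("unusual_hour")
    spread = baseline["stdev"] or 1.0   # avoid dividing by zero on flat history
    if (order.amount - baseline["mean"]) / spread > z_limit:
        reasons.append("amount_outlier")
    return reasons

def screen(orders, baseline):
    """Map order reference -> reasons, only for orders that should be held."""
    flagged = {o.ref: review_reasons(o, baseline) for o in orders}
    return {ref: why for ref, why in flagged.items() if why}

# Constructed sample data: six routine orders, then one routine and one anomalous order.
HISTORY = [
    PaymentOrder(f"H{i}", bic, amt, datetime(2016, 1, 4 + i, hour))
    for i, (bic, amt, hour) in enumerate([
        ("TESTUS01", 100_000, 9), ("TESTGB02", 120_000, 10), ("TESTUS01", 90_000, 11),
        ("TESTGB02", 110_000, 13), ("TESTUS01", 105_000, 14), ("TESTGB02", 95_000, 15),
    ])
]
INCOMING = [
    PaymentOrder("N1", "TESTGB02", 108_000, datetime(2016, 2, 4, 11)),
    PaymentOrder("N2", "TESTPH99", 20_000_000, datetime(2016, 2, 5, 2)),
]

if __name__ == "__main__":
    print(screen(INCOMING, build_baseline(HISTORY)))
```

A held order would be released only after the correspondent confirms it with the originating institution through a channel other than the one that delivered the order.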

Of course, no combination of controls, procedures, protocols, training and correspondent bank security procedures will provide a 100% guarantee against the risk of loss due to a cyber heist. STARNet’s asset recovery attorneys are able to trace, freeze and recover assets stolen from financial institutions. They use legal tools and procedures designed to assist the victims of theft. Contact us today to learn more about how we can help.


STARNet, which is short for Stolen Asset Recovery Network, is a global alliance of independent law firms created to provide financial institutions and governments with multi-disciplinary services across countries and jurisdictions for locating, freezing, and ultimately recovering stolen assets related to cyber heists, fraud or corruption.
