View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Bank of England orders UK banks to upgrade cyber security after second SWIFT attack

News: An attack on the Bangladesh central bank in February saw $81 million stolen.

By Alexander Sword

UK banks have been ordered to step up their security by the Bank of England (BoE), after the second attack on a major financial institution this year.

The BoE ordered them to detail steps taken to secure computers connected to the SWIFT bank messaging network, according to insiders who spoke to Reuters.

The orders included conducting a ‘compliance check’ to check whether they are following security procedures issued by SWIFT after an attack in February saw $81m (£56m) stolen from Bangladesh’s central bank. SWIFT had told banks to review and if necessary upgrade their protocols.

The request was sent to all banks regulated by the BoE in April.

The Bangladesh attack was not an isolated incident. On 13 May, SWIFT issued a notice saying that another instance of a malware-led attack on an institution had emerged, directed at banks’ secondary controls.

The company said that the attackers exploited vulnerabilities in banks funds’ transfer initiation environments before the messages were sent over SWIFT.

They had been able to bypass primary risk controls in order to initiate this process. They also found ways to tamper with the statements and confirmations that banks might use as secondary controls.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

SWIFT said this revealed that the earlier attack was not a single occurrence but part of a wider and highly adaptive campaign targeting banks.

It said in a statement that the SWIFT network, core messaging services and software had not been compromised.

The BoE joining the voices shows how seriously cyber attacks on financial institutions are being taken.

In addition to the two fraud attempts on the SWIFT network, major financial institutions have been targeted recently as part of hacking group Anonymous’s Operation Icarus, a hacktivist project protesting the role of banks in global corruption.

This is not the first time the BoE has dealt with cyber security in its remit as regulator. In 2014, Andrew Gracie, Executive Director, Resolution at the BoE, formally launched a new framework to help identify areas where the financial sector could be vulnerable to sophisticated cyber-attack.

This was part of the BoE’s response to the Financial Policy Committee’s recommendation to test and improve resilience to cyber-attack.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.