Bank of England orders UK banks to upgrade cyber security after second SWIFT attack

UK banks have been ordered to step up their security by the Bank of England (BoE), after the second attack on a major financial institution this year.

The BoE ordered them to detail steps taken to secure computers connected to the SWIFT bank messaging network, according to insiders who spoke to Reuters.

The orders included conducting a ‘compliance check’ to verify whether they are following security procedures issued by SWIFT after an attack in February saw $81m (£56m) stolen from Bangladesh’s central bank. SWIFT had told banks to review and, if necessary, upgrade their protocols.

The request was sent to all banks regulated by the BoE in April.

The Bangladesh attack was not an isolated incident. On 13 May, SWIFT issued a notice saying that another instance of a malware-led attack on an institution had emerged, directed at banks’ secondary controls.

The company said that the attackers exploited vulnerabilities in banks’ funds transfer initiation environments before the messages were sent over SWIFT.

They had been able to bypass primary risk controls in order to initiate this process. They also found ways to tamper with the statements and confirmations that banks might use as secondary controls.

SWIFT said this revealed that the earlier attack was not a single occurrence but part of a wider and highly adaptive campaign targeting banks.

It said in a statement that the SWIFT network, core messaging services and software had not been compromised.

The BoE adding its voice shows how seriously cyber attacks on financial institutions are being taken.

In addition to the two fraud attempts on the SWIFT network, major financial institutions have been targeted recently as part of hacking group Anonymous’s Operation Icarus, a hacktivist project protesting the role of banks in global corruption.

This is not the first time the BoE has dealt with cyber security in its remit as regulator. In 2014, Andrew Gracie, Executive Director, Resolution at the BoE, formally launched a new framework to help identify areas where the financial sector could be vulnerable to sophisticated cyber-attack.

This was part of the BoE’s response to the Financial Policy Committee’s recommendation to test and improve resilience to cyber-attack.
This article is from the CBROnline archive: some formatting and images may not be present.