Illusive Blog December 13, 2018

SWIFT CSCF Compliance: A Cyber Defense for Wire Transfers

By Guy Rosenthal


The Society for Worldwide Interbank Financial Telecommunication, known as SWIFT, became a household name in 2016, when hackers breached Bangladesh Bank’s SWIFT wire transfer system and made off with almost $81 million. More than a dozen other banks around the world were hit with similar cyberattacks. Although compromises of wire transfer systems haven’t made headlines lately, they’re still happening, and they are starting to appear in the consumer world.

New—and More Creative—Attacks in 2018

This year, fraudsters compromised connections to Mexico’s Interbank Electronic Payments (SPEI), which enables near-real-time transfers between accounts at different domestic banks for consumers and businesses. Five banks in Mexico lost almost $20 million [1]. About the same time, Banco de Chile suffered a “smokescreen” attack [2], where malware suddenly disabled hundreds of workstations and servers. While the bank’s attention was diverted, attackers were actually targeting its SWIFT system. The attack cost the bank $10 million.

Obviously, threats to wire transfer systems are persistent, sophisticated, and here to stay. They’re also highly adaptive. New attacks are targeting users with phishing emails, “alerting” them that a wire transfer has been initiated to their account. When they click on an attachment to see the details, their systems are infected with a remote access tool (RAT) that installs a backdoor, exfiltrates data, modifies the system registry, and tries to kill antivirus programs on the system. Other wire transfer fraud is targeting prospective homebuyers. Through a series of ruses, hackers gain access to homebuyer data, a US bank account, and finally, the wire transfer money [3].

After the 2016 attacks, SWIFT established the SWIFT Customer Security Programme (CSP) to help customers protect their financial institutions against cyber fraud. It includes the SWIFT Customer Security Controls Framework (CSCF) v2019, which describes a set of security controls required to be implemented by companies on their SWIFT infrastructure. Customers must attest to their compliance by the end of 2019.

Addressing Risks and Compliance Simultaneously

These compliance requirements must be harmonized with organizations’ other security efforts aimed at reducing overall enterprise risk. But this is easier said than done when regulatory obligations consume so much attention, and SOC teams continue to face staff shortages. A recent Ponemon survey, sponsored by Illusive, indicates that the top obstacle to better cyberthreat detection is that compliance efforts detract attention from threat detection functions. Security vendors need to help resolve this apparent conflict.

Illusive Networks is committed to helping our customers both achieve compliance and stop high-impact attacks as threats evolve. Coalfire recently completed a multi-faceted technical validation showing how Illusive can help organizations meet specific SWIFT CSCF requirements. According to the Coalfire paper, the Illusive solution can provide security support with SWIFT Environment Protection, Operating System Privileged Account Control, Security Updates, System Hardening, Logical Access Control, Cyber Incident Response Planning, Risk Assessment and more.

Specifically, Coalfire noted that the Illusive Wire Transfer Guard solution protects SWIFT systems by effectively detecting, reporting, and mitigating targeted attacks that pose a high risk of financial and strategic damage. Illusive’s deception-based platform also addresses the broader range of cyber risk by stopping the lateral movement of attackers toward critical systems once they’re inside the network, and can help you meet SWIFT compliance standards.

Illusive’s Attack Surface Manager (ASM) preemptively identifies and removes credentials and connections that aid the lateral movement process. And because banks, financial services companies, and businesses are not in the business of cybersecurity, Illusive designs solutions that are lightweight, easy to deploy, use and manage, and that empower defenders at all skill levels. Coalfire found that “Illusive ASM functionality can assist organizations with their risk assessment process development…can evaluate the risk and readiness of the organization based on plausible cyber-attack scenarios…expose the access footprint across the enterprise.”

SWIFT CSCF requirements are a starting point for cybersecurity strategies. Learn more about how Illusive not only maps to the SWIFT CSCF, but also can significantly reduce organizational risk. Download the Coalfire assessment, How Illusive Networks Technology Supports SWIFT: A Technical White Paper here.