Brussels -- SWIFT is aware of a malware that aims to reduce financial institutions’ abilities to evidence fraudulent transactions on their local systems. Contrary to reports that suggest otherwise, this malware has no impact on SWIFT’s network or core messaging services.
We understand that the malware is designed to hide the traces of fraudulent payments from customers’ local database applications and can only be installed on users’ local systems by attackers that have successfully identified and exploited weaknesses in their local security.
We have developed a facility to assist customers in enhancing their security and to spot inconsistencies in their local database records, however the key defence against such attack scenarios remains for users to implement appropriate security measures in their local environments to safeguard their systems - in particular those used to access SWIFT - against such potential security threats. Such protections should be implemented by users to prevent the injection of malware into, or any misappropriation of, their interfaces and other core systems.
SWIFT is making customers aware of the new facility through its ongoing Security Campaign.
Re-disseminated by The Asian Banker