Swift has tapped British defense contractor BAE Systems and Dutch security firm Fox-IT to support an information sharing and threat intelligence program for member banks.
Swift, the Society for Worldwide Interbank Financial Telecommunication, connects 11,000 financial services companies with its messaging platform for transfers. The information sharing initiative launched last month as a "key part" of its newly created Customer Security Intelligence team, Swift said in a July 11 news release. The team, with BAE and Fox-IT, will conduct on-site forensic investigations on customers' Swift products and feed relevant information "in anonymized form" to the wider Swift community to help other member banks prevent future fraud.
"Customer intelligence, including intelligence related to attacks that have ultimately failed, is crucial to helping us continue protecting our community," Craig Young, Swift's chief technology officer, said in the release. "Information we have already received from impacted banks has allowed us to identify new malware and to publish related [indicators of compromise] which are helping to protect the wider community."
These on-site investigations are meant to complement those already being carried out by the affected institutions, Swift said.
The program's rollout follows a string of high-profile attacks on the Swift network at multiple bank sites and already includes details of the plans and procedures used in recent attacks, including the February incident in which hackers lifted $81 million out of Bangladesh Bank's account at the New York Federal Reserve. Swift has also published an inventory of specific malware used in reported attacks and other indicators of compromise.
"The inevitable criminal focus on the heart of the financial system means that the financial services industry needs to ensure it has effective cyber defences against well-funded, motivated and organised attackers," said James Hatch, BAE Systems director of cyber services. "It is vital the industry works together both to defend systems and networks."