SWIFT discloses new cyber-attacks, forces security procedures

In a private letter to clients, SWIFT said that new cyber-theft attempts - some of them successful - have surfaced since June 2016, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank.

The disclosure suggests that cyber thieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers.

The Brussels-based firm, a member-owned cooperative, indicated in the letter that some victims in the new attacks lost money, but did not say how much was taken or how many of the attempted hacks succeeded. It did not identify specific victims, but said the banks varied in size and geography and used different methods for accessing SWIFT.

A SWIFT spokeswoman declined to elaborate on the recently uncovered incidents or the security issues detailed in the letter, saying the firm does not discuss affairs of specific customers.

SWIFT has repeatedly pushed banks to implement new security measures rolled out after the Bangladesh heist, including stronger systems for authenticating users and updates to its software for sending and receiving messages. But it has been difficult for SWIFT to force banks to comply because the nonprofit cooperative lacks regulatory authority over its members.

The security features include technology for verifying credentials of people accessing a banks SWIFT system; stronger rules for password management; and better tools for identifying attempts to hack the software.