Wednesday, June 8, 2016

After FBI, New York Fed and Other Financial Regulators Warn US Banks Over Potential Cyber Threat

The Federal Reserve Bank of New York, along with the Federal Financial Institutions Examination Council (FFIEC), has warned banks about potential cyber attacks linked to the inter-bank messaging system. The FFIEC represents a group of US banking regulators. They have also urged banks to review their cyber security systems to resist fraudulent money transfers.
The FFIEC has also instructed banks to review their risk management practices as well as the controls over the different steps involved in the SWIFT messaging system. The council also advises banks to review their measures for fraud detection and response management.
However, the group’s cyber security rules haven’t been reviewed. Instead, it has highlighted existing guidelines while warning banks of possible financial losses due to cyber attacks involving the wire communication module. The group of regulators will also investigate whether US banks have been complying with the security regulations.
The warning follows the fraudulent transfer of $81 million from the Bangladesh Bank reserve held with the New York Fed using SWIFT, an end-to-end messaging service. The encrypted messaging system is used to exchange messages and requests for fund transfers.
Prior to the Fed warning, the Federal Bureau of Investigation (FBI) sent a caution notice to US banks. The FBI warned of a malicious cyber group targeting foreign banks. The group allegedly transferred $81 million (£56 million) from the current account of Bangladesh Bank with the Federal Reserve Bank of New York.
SWIFT credentials from Bangladesh’s central bank were hacked, compromising the local cyber security system, and the money was laundered to accounts in the Philippines during February. The hacker group tried to launder $1 billion through multiple transfer requests, but several of the requests were rejected due to fundamental discrepancies in the SWIFT messages, reports the BBC.
The FBI notice also urges banks to search for signs of possible cyber attacks, and instructs them to hunt for technical clues to confirm whether they have been targeted by the same hacker group.
The US government and law enforcement agencies fear that larger US firms that depend solely on the SWIFT network for fund transfers may fall victim to cyber attacks. SWIFT has long been acknowledged as the safest mode of communication, serving as the backbone of international finance.
Concerns over the cyber security of financial institutions have grown following disclosure of the cyber heist in March. Further revelations about a $12 million theft from Banco del Austro in Ecuador, an attack on Vietnam's Tien Phong Bank and one on an unidentified victim in the Philippines have all contributed to intensifying the threat, according to a report published by Reuters.
Further cyber attacks from the hacker group are very likely, says Dan Guido, a former member of the security team for the U.S. Federal Reserve System. The hacker group knows exactly when to penetrate the system and conducts fraudulent fund transfers leaving no clues behind, comments Guido, chief executive of cyber-security firm Trail of Bits.
Meanwhile, SWIFT has asked its more than 3000 members to review their security. SWIFT repeatedly claims that its internal network hasn’t been compromised by any means. It has been trying to evaluate interim internal findings while suggesting that members review and upgrade their local operating environments, reports Insurance Business America, quoting a spokeswoman for SWIFT.
The FBI has declined to comment on the cautionary statements. Advising private industry of cyber threat indicators while a probe is under way is a routine process for the FBI, says a spokesperson for the Bureau. The procedure is followed to support system administrators guarding against the actions of persistent cyber criminals.

However, bank security experts consider the FFIEC letter to have negligible impact since it only reiterates previous recommendations. Issuing such cautionary statements falls under the regular duties of the group of regulators, says Bill Nelson, chief executive of the Washington-based Financial Services Information Sharing and Analysis Center (FS-ISAC). The center shares information on potential cyber threats with its 7,000 members.
