Without naming the bank, Swift said the “attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both”.
Experts said on Friday that a Vietnamese bank was the financial concern involved and that it had recently been robbed by cyber criminals using similar methods to this year’s record digital theft of $101 million at the Bangladesh central bank, and a 2014 data breach at Sony.
Swift urged clients to “urgently review controls in their payments environments, to all their messaging, payments and e-banking channels”.
It added: “The security and integrity of our messaging services are not in question as a result of the incidents.”
Adrian Nish, head of BAE System’s cyber threat intelligence team said: “This attacker is very adaptive, they will fit their code to adapt to the individual circumstances of each case.”
He urged banks to follow the lead of military and state organisations that have tightened security on confidential IT networks by isolating them from “high-risk” networks more freely connected to the wider internet.