Following the cyber heists which affected several banks on its network, SWIFT has engaged expert cyber security firms BAE Systems and Fox-IT to improve the network’s security. In addition, SWIFT has created a dedicated Customer Security Intelligence team, bringing together what it called “a strong group of IT and cyber experts to investigate security incidents within customer environments.”

According to SWIFT, the expert firms will complement it’s in-house cyber security expertise and work closely with SWIFT’s newly formed Customer Security Intelligence team to support SWIFT’s customer information sharing initiative and to help strengthen cyber security across the global SWIFT community.

The information sharing initiative is a key part of SWIFT’s recently launched Customer Security Program, said SWIFT. Under this initiative SWIFT says it is assisting its community by undertaking forensic investigations on customer premises related to SWIFT products and services.

These will complement the internal investigations being carried out by affected customers. SWIFT is also feeding related intelligence – in anonymised form – back to the wider SWIFT community in order to help prevent future frauds in customer environments.

SWIFT’s information sharing initiative has grown significantly since its launch, and now includes detailed intelligence and analysis on the modus operandi of attackers in recent customer fraud cases.

In addition SWIFT has published an inventory containing some of the specific malware used in reported attacks, as well as indicators of compromise (IoCs) that SWIFT has developed to assist other customers in detecting threats operating in their environments.

“Customer intelligence, including intelligence related to attacks that have ultimately failed, is crucial to helping us continue protecting our community,” said SWIFT Chief Technology Officer, Craig Young.

“Information we have already received from impacted banks has allowed us to identify new malware and to publish related IoCs which are helping to protect the wider community. An important dependency of this initiative is SWIFT’s timely receipt of information from affected customers. We therefore continue to remind customers that they are obliged to inform SWIFT of such incidents as soon as possible, and to proactively share all relevant information with us so we can assist all SWIFT users.”