SWIFT Theft: Bank Of England Orders UK Banks To Review Cybersecurity

The Bank of England has ordered UK banks to outline the steps they have taken to secure computers connected to the SWIFT bank messaging network about two months after a still-unidentified group used the system to steal $81 million from Bank Bangladesh, reports Reuters.

The request to update cybersecurity measures was sent towards the latter part of April, Reuters was told by three unnamed sources familiar with the matter.

The central bank told banks to conduct a “compliance check” to confirm whether they are following security practices recommended by SWIFT, which the firm recently reissued to members in the wake of the February heist, one of the people reportedly said.

This is the earliest known case of a central bank in a major economy ordering its member banks to conduct a formal security review in response to the Bangladesh theft, which has shaken the global system for transferring money among both commercial and central banks.

The checks include conducting what are known as user entitlement reviews, which ensure that only authorized staff have access to SWIFT applications and the service’s messaging gateway, reported Reuters.

Banks were also told to review computer logs for digital evidence known as “indicators of compromise,” including IP addresses and email addresses linked to recent attacks.

The communication from the Bank of England asked banks to respond by early May and provide details about plans for installing a security update to SWIFT Alliance Access software.