New tool offers SWIFT network protection through deception
Attacks on the inter-bank SWIFT system have been making the headlines this year, proving lucrative for the hackers and worrying for the industry.
Help is on the way though as Cyber security company TrapX is launching a deception-based security solution, DeceptionGrid, specifically designed protect SWIFT.
"In the past year, SWIFT has been under attack by persistent cyber attackers, which have resulted in the theft of more than $100 million dollars from banks worldwide," says Greg Enriquez, CEO of TrapX. "These attacks demonstrate a broad knowledge of bank operations as attackers combine them with sophisticated tools and techniques to penetrate target bank networks. The recent expansion of our DeceptionGrid emulation to include SWIFT financial network assets allows institutions to protect their most valuable assets by implementing a powerful security layer of deception on top of SWIFT's closed systems, which does not impede on the existing security structure. This adds to our financial networks solution set that already includes protection for automated teller machines (ATM) networks, online banking application servers and more".
Attacks on SWIFT have generally been through backdoor malware, allowing hackers to observe and map network assets without being detected for long periods of time. This allows them to learn operating procedures and then compromise the targeted systems. Attackers then access and capture authentication traffic and, ultimately, escalate their permissions to compromise SWIFT financial network transactions in a variety of potential ways.
TrapX DeceptionGrid works by surrounding SWIFT assets with a blanket of protective traps and tokens that leads attackers to attractive fake SWIFT decoys, which appear relatively undefended. However, each trap has the ability to capture, contain and analyze attackers, while alerting the financial institutions security teams. Once the attacker is identified within the network, an in-depth report of the attack method is generated. This provides financial institutions with in-depth awareness of activity within their internal networks.
You can find out more about DeceptionGrid on the TrapX website and you can register for a free webinar discussing SWIFT threats on October 27.
Photo Credit: Jaromir Chalabala/Shutterstock