Defense contractor BAE Systems, which first reported that SWIFT software had been compromised in the Bangladesh Bank hack, said Friday that fraudsters targeted a Vietnamese bank in the second attack. Although the bank was not named, Vietnam’s Tien Phong Bank (TPBank) told Reuters on Sunday that a third-party service it used to connect to SWIFT was attacked by hackers late last year.
TPBank said it identified a suspicious transaction worth more than $1.3 million, transferred by invalid SWIFT messages that the bank did not execute itself. Fortunately, the attack did not cause any actual losses and “had no impact on the SWIFT system in particular and the transaction system between the bank and customers in general,” the bank said.
TPBank added that the servers of the third-party vendor were based overseas. It has since stopped using the vendor on SWIFT's advice.
This latest development should serve as a cautionary tale to corporate treasurers. Any corporates who connect to the network through a SWIFT Service Bureau (SSB) should do their due diligence and make sure that the vendor’s security is up-to-date. "As a chain is only as strong as its weakest link it is important to ensure all parties a corporate uses for transfers are secure," said Magnus Carlsson, Manager, Treasury & Payments for AFP.
Fortunately for SWIFT, at least some corporates that use the network are not blaming the cooperative for this recent string of attacks. A treasurer who wished to remain anonymous told AFP that he is confident the SWIFT network wasn’t breached and added that it is not SWIFT’s responsibility to oversee financial institutions’ secondary controls within their respective firewalls.