Hackers target bank payment systems

30 January 2018

In January, Mexico’s export bank Bancomext became the latest financial institution to suffer a suspected cyber attack. The incident is one of a run of cyber attacks that have led many banks to review their insurance arrangements.


In December, Russia’s Globex bank thwarted an attempt to steal funds after hackers appeared to have used legitimate login credentials to access the bank’s SWIFT terminals. The attack was revealed shortly after the theft of USD 60 million from Taiwan’s Far Eastern International bank, which also targeted SWIFT, an international financial messaging service that facilitates the transfer of trillions of dollars in funds every day.

In another example, Russian-linked hackers stole more than USD 10 million from a number of banks in the US, Russia and the UK after targeting card processing and SWIFT systems. The group, dubbed MoneyTaker, focussed on smaller institutions with limited cyber defences, constantly changing its tools and tactics to bypass antivirus and traditional security systems, according to security firm Group-IB, which uncovered the group’s activities.

Security Concerns

Many of the recent attacks exploited weak security controls at the banks, rather than compromising the SWIFT system itself. According to the UK’s National Cyber Security Centre, cyber criminals are stealing legitimate login credentials from banks, which they then use to make fraudulent money transfers via the SWIFT messaging system.

Brussels-based SWIFT has repeatedly urged banks to improve security in the wake of the February 2016 cyber heist at the Bangladesh Central Bank. That incident saw cyber criminals steal over USD 80 million from the bank via its account at the New York Federal Reserve Bank. Investigations have since revealed IT security failings at the bank, including a failure to disconnect hardware tokens, the disabling of antivirus software and the insecure storage of passwords on the system.

In November, SWIFT warned that the cyber threat may be increasing as cyber criminals employ more sophisticated tactics. It highlighted one incident in which hackers spent months inside the network of an unnamed bank, stealing user credentials and using software that recorded computer keystrokes and screenshots. According to SWIFT, the hackers then installed malware to modify messaging software and bypass security protocols, before ordering payments to be transferred to banks in other countries.

Innovative solutions

Cyber attacks like these have seen banks review the adequacy of their crime and cyber insurance limits. As a result, a number of financial institutions are considering more innovative insurance structures that use both the cyber and crime insurance markets to increase capacity.

Interest in cyber insurance among financial institutions has been growing, driven by a combination of cyber attacks and regulatory pressures. A number of banks were affected by the 2017 global ransomware attacks, while financial institutions suffered significant disruption following a number of distributed denial of service (DDoS) attacks.

The cost of dealing with such attacks, as well as the business interruption and reputational damage associated with them, can be significant. A study by Kaspersky put the average cost of an online banking security incident at USD 1.7 million. On the regulatory front, banking supervisors in the US and Europe have been looking to increase cyber security within the banking sector. For example, New York State introduced tough rules in March 2017 that set out specific cyber security and risk management requirements.

Unsurprisingly, we have seen more financial services organisations purchasing cyber insurance for the first time, while those that already have cover are growing more sophisticated in their insurance buying. By the end of 2018 we would expect the majority of banks to purchase cyber cover.

For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on cyber@jltgroup.com