Illusive Networks seeks to slow Swift attackers through deception
- 27 September, 2016 01:53
Today's savvy bank robbers don't break into vaults looking for gold or diamonds: They're more likely to be hacking networks looking for access to the Swift payment system. Illusive Networks wants to catch them in the act.
In February, hackers exploited Bangladesh Bank's access to the Swift fund transfer network to steal US$81 million -- and almost got away with $951 million.
They had infiltrated the bank's network, installing malware on the Swift Alliance Access server that exchanged messages with the gateway to Swift's secure fund transfer system. They used the bank's Swift credentials to order payments, while their malware interfered with the printing of confirmation messages, delaying the bank's discovery of the electronic heist.
It's not yet clear how the attackers obtained the credentials: Inside help is one possibility, while another is that they found the credentials somewhere on the bank's internal network.
Now an Israeli company hopes to foil future heists of this type by making it easier for attackers to find Swift credentials and servers -- or at least, something that looks distractingly like them -- as they explore a bank's network.
At the SIBOS banking conference in Geneva on Monday, Illusive Networks announced a new addition to its Deceptions Everywhere product line: Swift Guard
In an effort to catch hackers as they move laterally around a network they've broken into, Illusive seeds customer networks with what it calls "deceptions," or decoys masquerading as high-value targets. It says these work better than traditional honeypots because they are everywhere and it's harder for attackers to recognize them as fakes. If an attacker interacts with any of the deceptions, Illusive's management console raises an alert.
Swift Guard disguises itself as key pieces of Swift infrastructure including credentials, databases, gateways and access servers and web interfaces. It doesn't directly protect the real targets; it just buries them in a haystack of fakes, making it likely that, as the attackers move around the network, they will be discovered before they find what they are looking for.
"In Bangladesh Bank they were doing thousands of searches for the Swift machine till they found it," said Illusive CEO Shlomo Touboul. If the bank had been using Swift Guard, that would have resulted in a series of alerts before the attackers were able to install their malware one of the Swift servers.
Dozens of banks are already using Deceptions Everywhere, and they'll get the Swift Guard component at no extra cost, Touboul said. For new customers, the price will depend on the network that needs protecting.