In a statement issued to its customers and posted on its website SWIFT said that the malware attack is believed to part of a broad and "highly adaptive campaign targeting banks" and that there is evidence that a number of banks have fallen victim to fraud as a result of their security measures being compromised.
The latest malware attack is based on corrupting a PDF read application banks use to view confirmations of payments, SWIFT said.
"The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process," SWIFT said. "In a second step, they have found ways to tamper with the statements and confirmations that banks would sometimes use as secondary controls, thereby delaying the victims’ ability to recognise the fraud."
"The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both," it said.
SWIFT said banks should "urgently review controls in their payments environments, to all their messaging, payments and e-banking channels" and consider engaging third parties to review their cyber security. It said the priority for banks should be in ensuring they have "all preventative and detective measures in place to secure [their] environment"
SWIFT's own network, messaging systems and software has not been compromised by the attack, it said.
Technology and payments expert Angus McFadyen of Pinsent Masons, the law firm behind Out-Law.com, said: "The security of central infrastructure in payments and banking is a high priority, and always has been. The schemes and messaging systems that run on that central infrastructure can only be as secure as the weakest link – here it’s the banks that communicate into and using SWIFT. The banks communicating into the SWIFT system are the natural target for hackers given that they can be much softer targets than the centre."