What I would like... what I would really like is for someone to explain the decision process that led to that $10 switch being deployed in that environment.
Finance bods SWIFT to update after Bangladesh hack
Security vendors are pushing for a more comprehensive revamp of the SWIFT international inter-bank financial transaction messaging system beyond an update prompted by an $81m hack against Bangladesh's central bank. The loss of $81m (part of an attempted $950m heist) in February’s Bangladesh cyber-heist – reckoned to be the …
COMMENTS
-
Friday 29th April 2016 15:35 GMT Anonymous Coward
Local access required
The attackers / intruders needed to get the credentials of the user the Swift software runs under. When you get such credentials then you can use the local software. I am somewhat happy this happened at a bank and not at my favourite nuclear power station nearby.
Anon for obvious reason.
-
Friday 29th April 2016 17:16 GMT Cynic_999
Why the emphasis on the cost of a switch, as if cheap=insecure (and presumably expensive=secure)? The insecurity is far more likely to have been due to the topography of the network than the cost of its components. It's perfectly OK to use a $10 switch in a properly secured internal network, and I can assure you that the use of gold plated oxygen-free network cables costing £100 per metre won't do anything to make your system less likely to be hacked.
-
Saturday 30th April 2016 12:25 GMT Stu J
Cheap switches usually don't have the capability to manage and monitor, and cheap second-hand switches are usually cheap because they're EoL or near as damn it - which means any vulnerabilities in the firmware won't be fixed.
The choice of such switches at that time doesn't necessarily mean they weren't fit for purpose at that point in time, however at best it's a short-sighted approach that reflects the attitude of the morons that put them in place. More telling, however, is the lack of firewall. That's just a case of "WTF???"
-
Tuesday 14th June 2016 16:24 GMT Anonymous Coward
Too many mis-truths here.
A few things need cleared up. The BoB failed to secure its networks, hosts, Swift gateway infrastructure and accounts both to the gateway software itself and the server it resided on. I'm failing to see how that is the fault of SWIFT whatsoever. The update SWIFT offered on the Alliance software was to make it easier to see if an attacker had made changes, by adjusting logging. Elsewhere the downstream systems were hacked and access granted to the attackers, where they were able to make money movement instruction and hide the fact due to making changes in the PDFs the company used to validate the money movement process. Again, I'm not clear how SWIFT is at fault here?
To sum it all up? People, secure your internal networks, your SWIFT gateway infrastructure (whether you use Alliance or not), secure your gateway hosts, secure your gateway accounts. Monitor, monitor, monitor, for anomalous behavior! Use next gen machine learning firewalls, network devices, and endpoint protection! Any questions?