Credit organization, communicating and payment orders through the system for transmitting financial messages will strengthen measures to combat fraud
Given the interest of hackers to SWIFT, the Central Bank banks are prepared to possible threats of attacks to gain access to the Russian analogue of the SWIFT system for transmitting financial messages — SPFS). As have informed “news” the official representatives of the Central Bank, the level of risk of cyber attacks to gain access to SPFC corresponds to the threats of attacks on the payment system of the Bank of Russia. So, the banks connected to SPFS should follow the recommendations of the Central Bank on information security provided for the payment system of the Bank of Russia. In fact — reinforce the measures to combat fraud. According to experts, to expand the Arsenal of the fight against hackers is warranted, but the introduction of banks increased security measures will not hit them.
In respect of SPVS — a Russian analogue of SWIFT, provided the same recommendations in terms of information security and payment system of the Bank of Russia, because the underlying risks for these systems are the same, — said the press service of the Central Bank.
In fact, the Central Bank puts equal sign between the cyber attacks on SPFS and cyber-attacks on the payment system of the Bank of Russia. So, banks that exchange information and payment orders via SPFS should take increased security measures (a standard complex). The regulator eight policy documents on the topic of information security of banks, including the standards Technical Committee No. 22. According to the requirements of the Central Bank to information security banks need to consistently reinforce the protection at hardware and software level, to inform the staff on the revitalization of fishing distribution (most common trick fraudsters use to get to the internal network of the credit organization), safety rules when working with files and documents coming to work email, to build a system of interaction in the detection and investigation of cybercrime, to test the level of knowledge workers (using a test of cyber attacks). Banks that communicate via SPFS, will have to use technology, hardware and software and cryptographic protection of data in the complex to use not only the recommendations of the Central Bank, but also the recommendations of the Ministry of interior for security. But if the Bank has doubts about the level of information security of the counterparty, information and bills via SPFS should not be sent.
To the Russian analogue of the SWIFT connected Bank 332 of about six hundred operating in Russia. The Russian analogue system of transmission of financial messages in SWIFT format (as for domestic operations) started in operation in December 2014, in September 2015, the head of the Central Bank Elvira Nabiullina announced to the high degree of system availability. This project has been launched in response to statements in September 2014, the initiative of the European Parliament to disconnect Russian banks from the system of interbank transfers SWIFT, in early 2015, this option was considered and the foreign Ministers of European States. Russian banks began to disconnect from SWIFT, and SPFS exists as an alternative system of information transfer and make payments. SWIFT is connected to over 9 thousand banks from 209 countries around the world, the system exists since 1973. The exchange of information in the system passes through two operating center located in the US and the Netherlands. Each Bank is connected to the system, has its own SWIFT code.
Last Thursday it became apparent that Russian analogues of international systems need. For five hours the Visa cardholders (including Russians) could not perform any operations abroad (cash withdrawals, transfers, purchases) due to a technical failure. He was eliminated at 1855 MSK. In Russia Visa holders almost did not notice the problems, because operations are controlled by the Central Bank, the National system of payment cards (nvqs).
Reports of cyber attacks on Russian and foreign banks to gain access to SWIFT appear with surprising regularity. In July it became known that the cyber fraudsters had withdrawn from the Russian banks about €2 million, the attackers hacked the internal network of several credit institutions and gained access to SWIFT. Earlier hacker attacks through the SWIFT system was subjected to the Central Bank of Bangladesh (the damage amounted to $81 million), Ecuador Banco del Austro ($9 million) and the Ukrainian Bank, whose name is not disclosed ($10 million). Last week was another reported attempts by hackers to penetrate security gaps and to acquire access to SWIFT.
— Hackers attack SWIFT, using it more as a transport when the attack is on the Bank and then payment is made via a particular payment system according to its features, says CEO of Digital Security Ilya medvedovskiy. Information about the use of system vulnerabilities SWIFT has not yet been reported, although it is also quite possible. It is obvious that someday the cyber fraudsters can switch the interest on SPFS. Hackers are interested in everything that can bring them income.
The head of the Zecurion Analytics Vladimir Ulyanov supports the proactive approach of the Central Bank in preventing fraud.
Several hundred credit institutions comply with the requirements of the regulator for information security, a number of banks — not the whole set of measures, and partly, — the interlocutor explained. Since the attack on SPFS the level of threats correspond to attacks on the payment system of the Bank of Russia, credit institutions must provide the highest level of information security. Suspicions about the possibilities of attacks do not just born. And it is better to anticipate all risks — that the consequences were not sad.
According to Vladimir Ulyanov, before the advent of the center for combating cyber threats (FinCERT) banks shared information about unreliable counterparties to each other (but we can’t say that willingly). Now about the attempts of cyber attacks (like ending the theft of money, and reflected) banks report to the FinCERT. According to Vladimir Ulyanov, it is possible that some credit institutions still ignore some of the information (if it is on reflected attacks).
— At the same time, the employees FinCERT has the ability to monitor all operations within SPFS in real time, — said the expert. — This will help avoid the risk of concealing any information. Within the system of monitoring of additional reporting from banks to the Central Bank, most likely, will not be required. The technical upgrade will take time and funds to increase the amount of paper work. But nothing supernatural from banks do not require the introduction of heightened security measures is a realistic task.
The Central Bank has taught banks to successfully repel the attacks cyberhawks (as evidenced by statistics FinCERT). And with the high activity of hackers, the regulator has no reason to review the preliminary forecast for the amount of cyberimage — 4 billion rubles at the end of 2016. Despite the frequent reports of attacks by hackers on Russian and foreign banks, the Central Bank assured that the amounts of money taken from the Russian credit organizations will not exceed the forecast parameters.
— Analysis of statistical data, received from the Central Bank, and also from information exchange in the framework of the Center for monitoring and responding to computer attacks in the financial sphere (FinCERT) information suggests that the reasons for the Outlook revision no, — have informed “news” in a press-service of the Bank of Russia.
