Financial fraudsters target SE Asia, warns cyber report
The menace of cybercrime is mushrooming in line with the complexity of financial architecture, with emergent financial markets particularly vulnerable to cyber attack
South East Asia is by far the biggest target for fraudsters involved in cybercrime, according to a new report by SWIFT.
SWIFT released insights around the evolving nature of the cyber threats facing the global financial community, and how efforts to promote robust cyber security standards and the introduction of security-enhancing tools.
The report, entitled “Three years on from Bangladesh, Tackling the adversaries”, authored by SWIFT ISAC, was released in April 2019.
With Asian banks susceptible to cyber threats, industry analysts warn of a growing need to learn from these experiences and address the threat.
The report states, “Notwithstanding the increased success level in detecting and preventing attacks, it is critically important for industry participants and their security partners to understand how the attackers have evolved – and how quickly they can adapt their attack patterns to avoid detection.”
Key findings of the report:
· Four out of every five of all fraudulent transactions were issued to Beneficiary accounts in South East Asia
· Approximately 70% of attempted thefts were US dollar-based – but usage of European currencies increased
· The value of each individual attempted fraudulent transaction decreased dramatically – from more than US$$10 million to between US$$250,000 and US$$2 million
Guy Sheppard, head of APAC financial crime, analytics and intelligence, SWIFT says: “It is no surprise to us that hackers are focusing on our more emergent community member markets with smaller amounts being attempted to avoid detection.”
“In many cases, awareness of this type of attack is still very embryonic both at the banks themselves as well as at the regulatory agencies. In some cases, the law enforcement and legislative bodies that report, oversee and address this threat are still very fragmented,” he adds.
Sheppard says banks in emergent markets need to prioritize the installation of real-time fraud detection systems that are based externally from their local architecture as the latter is the initial target for these attacks.
He also strongly believes that the financial community must learn from the experiences of other banks to address so-called “common cold” cyberattacks. A common cold attack is one which shares the same core characteristics of how they are perpetrated with minor modifications each time.
“SWIFT’s Payment Controls is a preventive solution and its user-configurable scenarios cater for both smaller as well as more mature institutions. It constantly adapts to new technologies, new strains of viruses and practices of the criminals themselves,” he says.
“Asian banks must accept that they are more susceptible as the initial target for fraudulent payments and as the receivers. Over 83% of cases are based in the region. It is vital that we take affirmative action to improve levels of controls to be better equipped to detect abnormalities in payment volumes, currencies and indeed flows to stamp out this repeat, persistent threat,” he warns.
12 Apr 2019