Following various incidents and threats to the security of the SWIFT Messaging System used by the majority of banks in the country, Digital Encode found it necessary to circulate the following tips to help financial institutions secure their SWIFT Environments.
1. User Access Management: Proper user management should be observed at both the Application and Operating System (OS) level for all SWIFT Platforms. Because this is a critical environment, only the specific users who require access to these platforms should be permitted. For added security, we also suggest implementing a jump host, so that users requiring remote access to the SWIFT Servers can only connect through this jump host.
2. Network Security: For optimum network security around the SWIFT Environment:
(i) Ensure that all SWIFT Servers are placed in a secured segment and behind a firewall.
(ii) All permitted IPs should be bound to the user's MAC address to prevent spoofing attacks.
(iii) Deny all inbound and outbound connections to the internet or, if internet access is required, ensure strict internet filtering.
3. Implement Secure Protocols & Services: Ensure that SWIFT Message partners (interfacing applications) connect to the SWIFT Servers through SFTP. All other unnecessary and insecure services should be disabled on the servers.
4. Update Security Patches and Antivirus: Windows Security Patches and Antivirus on the SWIFT Servers should be regularly updated. A process should be in place for a party outside those responsible for running the updates to validate this regularly.
5. Monitoring: Ensure all SWIFT Servers have a File Integrity Monitoring solution that is adequately configured to detect unauthorized access or changes to pertinent files and folders, especially folders where transaction requests are dropped. The servers should also be enrolled on a SIEM tool, and it should be confirmed that all of them are reporting logs to this tool. There should be audit trails for all activities, and the logs should be regularly monitored.
6. Multi Factor Authentication:
(i) If not already implemented, all users on the SWIFT Alliance platform should have Multi Factor Authentication applied to their profiles on the Application.
(ii) Multi Factor Authentication should be implemented on all the SWIFT Servers, i.e. at the OS level.
7. Secure Mailing Culture: A malicious individual can easily spoof emails and links. Users of the SWIFT Platform should learn to recognize such scenarios and should be continually sensitized through information security awareness programs and training, to keep them abreast of the various and new methods hackers use to carry out attacks on their social engineering targets.