Illusive Networks seeks to slow Swift attackers through deception

By scattering decoys across a bank's systems, Illusive Networks hopes to detect attackers before they can steal millions

Today's savvy bank robbers don't break into vaults looking for gold or diamonds: They're more likely to be hacking networks looking for access to the Swift payment system. Illusive Networks wants to catch them in the act.

In February, hackers exploited Bangladesh Bank's access to the Swift fund transfer network to steal US$81 million -- and almost got away with $951 million.

They had infiltrated the bank's network, installing malware on the Swift Alliance Access server that exchanged messages with the gateway to Swift's secure fund transfer system. They used the bank's Swift credentials to order payments, while their malware interfered with the printing of confirmation messages, delaying the bank's discovery of the electronic heist.

It's not yet clear how the attackers obtained the credentials: Inside help is one possibility, while another is that they found the credentials somewhere on the bank's internal network.

Now an Israeli company hopes to foil future heists of this type by making it easier for attackers to find Swift credentials and servers -- or at least, something that looks distractingly like them -- as they explore a bank's network.

At the SIBOS banking conference in Geneva on Monday, Illusive Networks announced a new addition to its Deceptions Everywhere product line: Swift Guard

In an effort to catch hackers as they move laterally around a network they've broken into, Illusive seeds customer networks with what it calls "deceptions," or decoys masquerading as high-value targets. It says these work better than traditional honeypots because they are everywhere and it's harder for attackers to recognize them as fakes. If an attacker interacts with any of the deceptions, Illusive's management console raises an alert.

Swift Guard disguises itself as key pieces of Swift infrastructure including credentials, databases, gateways and access servers and web interfaces. It doesn't directly protect the real targets; it just buries them in a haystack of fakes, making it likely that, as the attackers move around the network, they will be discovered before they find what they are looking for.

"In Bangladesh Bank they were doing thousands of searches for the Swift machine till they found it," said Illusive CEO Shlomo Touboul. If the bank had been using Swift Guard, that would have resulted in a series of alerts before the attackers were able to install their malware one of the Swift servers.

Dozens of banks are already using Deceptions Everywhere, and they'll get the Swift Guard component at no extra cost, Touboul said. For new customers, the price will depend on the network that needs protecting.

Join the CSO newsletter!

Error: Please check your email address.

More about Geneva

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Peter Sayer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts