Analysis: attacking and defending SWIFT systems

Oliver Simmonet, Security Consultant
November 2021

35 million transactions per day were made by SWIFT’s 11,000 members in 2020. And an average of 42.5 million messages were sent daily between March 2020 and March 20211*. SWIFT is totally synonymous with global banking and finance, so of course SWIFT systems have become an attractive attack vector for financially (and politically) motivated attackers.

This paper (originally released in 2018 and now updated with new attacks and recommendations) reviews some of the most infamous SWIFT-related breaches. By analyzing the commonalities between them, organizations can better understand how they might be targeted and plan their own defenses, beyond the compliance demands of SWIFT’s Customer Security Program (CSP).

What’s in the paper:

  • A threat analysis of the most high-profile SWIFT-based attacks
  • A summary of the common factors
  • An examination of how the SWIFT CSP can improve security for SWIFT members
  • Recommendations for security measures that go beyond SWIFT CSP


*Source: https://www.swift.com/about-us/discover-swift/fin-traffic-figures

Accreditations & Certificates

F-Secure Consulting (F-Secure Cyber Security (Pty) Ltd) is a level 4 contributor to B-BBEE with a procurement recognition level of 100%. Learn more and download our B-BBEE certificate. Click here to read the press release.

Follow us
@fsecure_consult F-Secure-Consulting f-secure-foundry fsecurelabs