The Society for Worldwide Interbank Financial Telecommunication (SWIFT) system has increasingly become a target of hackers in 2016, as attackers attempt to exploit banks. Security vendor TrapX is now helping banks that use SWIFT to mitigate the risk of attack via deception technology.
The objective of TrapX’s deception technology platform is to trick attackers into thinking they are attacking a real service, when in fact they are not. The foundation of the TrapX system is a lightweight emulation engine that can mimic the way a real operating system works. With the new SWIFT capability, TrapX now can emulate a SWIFT terminal.
Attackers are attracted to the decoy SWIFT application, according to Greg Enriquez, CEO of TrapX. When interacting with TrapX’s SWIFT deception, attackers think they are attacking the real SWIFT system, he said. TrapX is able to monitor the emulated SWIFT terminal and see what procedures and methods attackers are using to infiltrate and exploit the system.
“It’s an emulation for SWIFT, and it’s so much more sophisticated than just attracting and luring attackers; we’re emulating the real devices,” Enriquez told eWEEK. “Our deception grid platform emulates dozens of operating environments, so we can do the operating system fingerprinting for anything.”
As TrapX sees new threats, it can build new deceptions to help enterprises, which it is now doing with the SWIFT capabilities, Enriquez said. He noted that TrapX didn’t need to license any technology from SWIFT to enable the deception. That said, TrapX has spoken with SWIFT, though there is no formal agreement or partnership between the two organizations, according to Enriquez.
SWIFT terminals are supposed to be on separate, isolated network segments. TrapX can be deployed on an organization’s separate virtual LAN (VLAN), though Enriquez noted that in many cases, networks that companies think to be isolated are often still connecting out to the public internet. He noted that TrapX’s goal is to help organizations lure hackers into the deception decoys, regardless of where they are coming in from.
Given that the SWIFT deception is intended to appear exactly like the real thing, there is a theoretical risk that a legitimate user could end up in the wrong place. However, according to Enriquez, TrapX’s deceptions have a low false-positive rate and don’t typically ensnare legitimate users.
“SWIFT hacking is a real problem,” he said. “It’s a very sensitive area for financial institutions.”
The SWIFT deception capability is being made available at no additional cost to existing TrapX customers.
TrapX raised $5 million in an extended Series B round of funding from Strategic Cyber Ventures (SCV) in April, bringing total funding to date for the company to $19 million.
“The investments we’ve taken have helped us to create more emulations for more environments,” Enriquez said. “Deception is a platform that has become a doctrine for cyber-warfare to help protect organizations from the bad things that can happen.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.