Polish Banking Sector with System-wide Hack
A wide-ranging hack is already being dubbed the worst cyberattack on the Polish banking industry.
The sector's own financial regulator, the Polish Financial Supervision Authority (KNF), was ironically the original source of the compromise. The regulator's servers were hosting malicious files that were then infecting banks' systems.
A spokesman for the KNF told the Register that its internal systems had been compromised by someone "from another country,” and that the KNF's entire system has been taken down "in order to secure evidence." So far, consumer bank balances have not been affected.
David Jones, global head of payments and banking at Irdeto, told us via email that the attack is yet another example of creative cybercriminals leveraging diverse technologies to seed and propagate an attack across multiple banks.
As a result, advanced security solutions should be considered for all apps/APIs that access and expose sensitive financial/private data, he added.
“Due to diversification of the cryptography, attackers are unable to weaponize attacks per user to impact a larger base,” he noted. “In the case of the Polish banks attack, enhanced app/API security working in parallel with robust network infrastructure policies could have prevented a breach—whose damage is still to be understood and quantified fully.”
Source: Information Security Magazine