European Central Bank has recently become the victim of a cyber attack. The attack was successfully deployed by injecting a malware into one of the websites of the bank. Apparently, attackers stole the information of the newsletter subscribers of the websites.
The identity of attackers is unknown. Hackers managed to install malware on the external server that hosted the BIRD website to host software to deploy phishing attacks. This allowed attackers to access the names, email addresses as well as the position titles of site’s 481 subscribers.
The ECB ensured its users that the stolen information does not have their passwords and neither the internal systems of ECB nor the market-sensitive data was affected.
The European Central Bank (ECB) is the central bank of 19 European Union countries that have adopted the Euro and is responsible for supervising the banking system’s data protection practices across these countries.
Has the European Central Bank Been Affected by Cyber Attacks Before?
The bank has suffered a data breach in 2014 when hackers compromised its database serving its public website, leading to the theft of email addresses, phone numbers and other contact details of people registering for events at the ECB.
According to the bank, an unauthorized party had managed to breach one of its websites known as Banks’ Integrated Reporting Dictionary (BIRD). The website was being hosted by a third-party provider.
Apparently, the BIRD website was hacked several months ago in December 2018. However, the European Central Bank discovered about the breach during the last week while regular maintenance work was going on.
Are There Any Other Cases of Banks Being Attacked?
This is not the first time when, attackers have targeted a bank website. Several cases have come into limelight, where attackers have targeted banks.
- In 2016, cybercriminals stole $81 million from the central bank of Bangladesh.
- During the same year in November, Tesco Bank was fined over £16m for failures that allowed hackers to steal £2.26m from its customers in an incident that occurred for more than 48 hours.
- In May 2018, The Bank of Spain’s website was hit by a cyber attack through a denial-of-service (DoS) attack. However, the attack did not affect bank’s services or its communications with European Central Bank or other institutions and there was no risk of a data breach.
- In August 2018, Cosmos Bank which is one of the oldest urban cooperative banks in the city was targeted by cyber scammers. The attackers hacked into its e-system and robbed Rs. 94.42 crore on 11th and 13th of the month.
Banking and financial services sector faces three times more cyber-attacks than any other industry. The reason behind this sensitivity is since most of the money lies with banks along with the data of millions of users. For cyber criminals, banks are mines for extortion, theft as well as fraud. Cyber attackers disable IT and security teams with the inability to collect, disseminate or interpret malicious events.
The attackers are leveraging cyber security in banking by:
- Using Cloud-based Botnets in order to takeover processing power
- Exploiting Near Field Communications
- Launching Distributed Denial of Service (DD0oS) attacks via the cloud
- Hacking on multifactor authentication technologies
How do attackers impact the cyber security in banking sector?
- Unencrypted Data – Most of the data breaches occur due to improper encryption and stolen data the immediate accessibility to the stolen data.
- Unprotected Third Party Services – Unprotected third-party services can allow cyber attackers to access sensitive data. It is, therefore, important to emphasise on cybersecurity.
- Unsecured Mobile banking – Recently, with the wave of digitalization, an increase in the mobile banking has been observed. This has given hackers an opportunity to easily access data because of the lack in complicated security systems on mobiles.
How Can We Enhance Cyber Security in Banking?
Such incidents and their aftermath make cyber security in banking of extreme importance. With proper cyber security measures, banks can ensure that they are safe against various cyber attacks. Let us read about these security measures in detail:
- Employ security controls like multi-factor authentication, using strong passwords, image authentication etc. will help in securing customers while doing Internet Banking.
- Ensure that mobile applications are updated and are properly tested under latest standards.
- Banks should conduct cyber security awareness training for ensuring that employees are aware of different forms of cyber attacks and tactics that are employed by attackers.
Cyber security companies like Kratikal ensure that employees can develop a cognitive defence mechanism. With its flagship cyber attack simulator and awareness tool ThreatCop, employees can develop an overall ability to detect and evade latest cyber threat.