Polish banks are investigating a massive systems hack after malware was discovered on several companies’ workstations.
The source of the executables? The sector’s own financial regulator, the Polish Financial Supervision Authority (KNF).
A spokesman for the KNF confirmed that their internal systems had been compromised by someone “from another country”. But when it was discovered that the regulator’s servers were hosting malicious files that were then infecting banks’ systems, the decision was made to take down the KNF’s entire system “in order to secure evidence.”
According to one cyber security site that carried out a preliminary analysis, a number of banks it spoke to confirmed that they had seen unusual network traffic and found encrypted executables on several servers. The details were rapidly shared among the group of roughly 20 commercial banks in the country, and other banks started reporting the same issues.
Ironically, it is the KNF that sets cybersecurity standards for Polish banks. It is thought that a modified JS file on the regulator’s site caused visitors to load an external JS file, which then pulled down malicious payloads.
Both the KNF and the Polish government have since told local Polish media that there is no indication that people’s money was touched and have given tentative assurances that no operations were affected. But they also stressed that investigations were ongoing.
The situation is being seen as the most serious ever attack on the Polish banking industry. ®
Source: SANS ISC SecNewsFeed @ February 6, 2017 at 07:06AM