Friday, February 3, 2017

Attack on financial institutions. Hacking to the page the KNF, in the extreme case of a system of banks – Interfax

on Thursday, the website of the Committee for Financial Supervision acted, though not open some documents. On Friday at www.knf.gov.pl there is a “official Journal of the Committee of Financial Supervision”.

FSC recognizes that it came to intrusion attempts in her direction.

– In the Management Committee of Financial Supervision established, was an attempt of foreign intervention in the information system that supports the site www.knf.gov.pl. Internal reporting system supervised entities operate independently from the information systems supporting the web site and stay safe – soothes Igor Barszczewski, press Secretary of the KNF.

Adds that the Agency is “quietly”. Website www.knf.gov.pl has been disabled by the administrator) to protect the evidence. Control remains in current contact with representatives of the monitored sectors, including banking, the activity of which is not in any danger – according to KNF.

Infected banks

the First attack was reported by the specialized service of “Trusted Third Party”. “For more than a week Russian banking sector struggling with a very efficient burglars. Unknown received some time ago, access to workstations and servers, at least several banks and stole data from them," – said on the website. The authors add that this is the most serious attack in the history of the Polish cyber security. Of course, the most serious of those that have seen the light, because banks don’t like to boast such wpadkami.

we have Sent questions in several of them and received responses from eight. Millenium, Alior, Getin and ING denied that they have done the attack. – Our monitoring system has recorded in the last days of ineffective attempts to install malware. Safety systems had worked properly. Money and customer data remain safe, – said, in turn, Tomas Dziurzyński, Director of the security Department in the Citi Brand. Other banks refers to the Association of Polish Banks, and there is also more mystery than facts. – Our customers money are safe. The it infrastructure of banks can be wrong – he’s Przemyslaw Barbrich, press Secretary). However, according to our information, on Thursday evening) met security professionals from several banks.

Attack method?

Probably, the attack was carried out using the so-called method of watering. The criminal infects the page which is visited by target (here: employees of the Bank) of his attacks. When the target logs on to the site, grabbed the virus. That like to poison the water in the lake and wait until someone will drink water from it. Watering in this case was a party to the Commission of Financial Supervision.

the Part of our informants of the banks said that the virus could get in the way for computers of several employees of four banks. But others argue that the need to really powerful software to penetrate the highly protected banking system.

“Sophisticated software”

Experts niezwiązani with the banking sector almost believe that the attack took place. – Used sophisticated malware that infekowało servers and workstations inside the Bank’s network. The purpose of the infection is not clear, we can assume that after the break at the end station or server to do everything – collect information about customers, transactions, and attack the unrelated fragments of a banking network, for example, the control network ATMs, says Martin Ludwiszewski, a leader in the field of cyber security at Deloitte. Michael Cock, head of Department risk management information technology EY added: – As follows from the available information, the attacks used technically malware detected by antivirus engines. Can offer the attack of an organized group of cybercriminals or even a group of highly skilled professionals working for foreign governments.

it is Not known who was behind the attack. The Financial Supervision Commission has already submitted a notification about the burglary to law enforcement agencies.

LikeTweet

No comments:

Post a Comment