Criminals often sue malware to attack financial institutions around the world. In most cases, these efforts are more than successful, creating a strain on the financial ecosystem. Things are getting out of hand in Poland, though, as the financial regulator allegedly infected various banks with malware. A rather disturbing development seemingly orchestrated by foreign hackers.
It is not often a financial regulator infects banks with malware. It appears the Polish financial regulator became the victim of a malware attack themselves not too long ago. As their systems became compromised, the malware spread itself to other recipients, including various Polish banks. The Polish Financial Supervision Authority’s web server saw one of its local JS files modified by an unknown hacker.
It remains unclear who is behind these attacks or why they think Poland is a viable target. Moreover, there is no indication as to how many banks are affected by this hack. We do know how this problem has been causing issues for over a week now. It is also believed some banks have fallen victim to data theft already, albeit that has not been officially confirmed so far.
Malware Attack Affects Polish Banks
It appears this malware attack is the largest of its kind in Polish history so far. With an undisclosed amount of bank computers infected by this malware, no one knows for sure what type of damage has been done. It is possible the attackers have been snooping on internal bank network traffic for several weeks. Some experts claim this issue dates back to the autumn of 2016. That would mean Polish banks have been spied on for nearly six months.
The Polish financial regulator has dealt with some issues of its own in the process. Its website went dark yesterday afternoon and come online after a brief interruption. A message is displayed on the home page indicating how they were dealing with a security breach. A lot of Polish citizens are concerned about this development, though. If the financial regulator is responsible for spreading malware, it goes to show there are a lot of cyber security issues that need to be addressed.
All of this goes to show the financial sector remains insecure despite all of the recently issued warnings. Security experts feel banks and regulators don’t prepare for sophisticated cyber attacks. If this Polish case is an example, they are absolutely right in assuming banks are not prepared. So far, no customer funds have been stolen in the process, which will be of great relief to Polish citizens Then again, the full scope of this attack remains unknown at this time.
Header image courtesy of Shutterstock