Cybercriminals have rattled the European Central Bank (ECB) by breaching one of its websites, for the second time in the last five years.
This time, the hack targeted ECB’s BIRD (Banks’ Integrated Reporting Dictionary) website, which grants banks an explicit description of data that supports reporting agents to organize information saved in their internal systems and efficiently achieve their reporting specifications.
“Phishing The BIRD”: The Story Goes This Way
Begun back in 2015, BIRD, is a combined initiative of the Eurosystem to the euro zone’s central banks and the banking system.
The recent cyberattack occurred by injecting malware into the external server that hosted the BIRD website, to aid phishing, which enabled the hackers to walk away with the names, email addresses, and position titles, of roughly 481 subscribers to their newsletter.
The scariest part of this is that the website seems to have been hacked several months before in December 2018; however, the ECB identified the information security breach just late in August 2019, during the regular maintenance work. Were it not for the maintenance work, who knows how long the infringement would have persisted neglected!
This apparently shows how much more challenging it is to manage security reactively than it is to be proactive about it.
And This Is Not The First Time!
The ECB underwent a severe data breach in 2014 as well, when the hackers managed to compromise its database serving its public website, leading to the theft of some similar information as in this breach. The ostensible intention of those cyber attackers was to seek financial compensation for the stolen data.
As a central bank tasked with delivering oversight to the European Union’s banking systems and the security, both these episodes will no doubt be embarrassing.
Latest In The Long Line Of Breaches
The ECB is not the first central bank to have the IT structure violated, although, the incident doesn’t correspond to the experiences its peers had to make.
In 2018, the payment system run by the Mexican Central Bank (Bank of Mexico/Banco de México) was compromised, allowing hackers siphon off nearly $20 million through fraudulent transactions.
The Central Bank Of Bangladesh also encountered one of the largest cyber heists in history in the year 2016, involving the attempted transfer of approximately $951 million from its account with the Federal Reserve Bank of New York. Even though many of those fraudulent transfer requests were blocked, $101 million was siphoned off successfully into foreign accounts.
Something To Learn From?
ECB was oblivious of the serious security breach for months. Until then, the ECB’s system and the personal data entrusted to them by those visiting their website remained to be at risk.
So, the key takeaway from this IT breach is to constantly evaluate and ensure that your alerting systems and log monitoring are tuned to your specific environment. Carrying out this task, in line with any vulnerability management or penetration testing exercises, can help highlight where there are such cybersecurity flaws.
And absolutely, this is the wake-up call for the entire financial industry!
Adding an extra layer of scrutiny under the guidance of an expert cybersecurity company is worthwhile, as all are at substantial risk of cyber-attacks at any given moment.