It looks like the application was to blame and an exploit like SQL injection, a code injection technique used to attack data-driven applications, may have been used. The welcome news for customers is that the attacker was not able to get to their internal systems, meaning that the bank must have used a Demilitarized Zone (DMZ) or full system separation for the internal and external systems.

This attack is the latest to deliver a clear message to businesses across Europe: to protect information we need to know the full context of the user’s interaction with the application. We also need to use tools like a web application firewall (WAF), proxy functionality, and contextual awareness to understand and separate legitimate users from those with more suspicious motives.

Another question to ask is, ‘why isn’t all personal information encrypted?’ In this case, while most of the data was encrypted, parts of the database, including email addresses, street addresses and phone numbers, were not. Although someone’s credit card number is not exposed, there can still be enough personal information that hackers can put to ‘good’ use.

Recently the black market has been flooded with credit card numbers, meaning that there has been a significant drop in the cost for someone to acquire them. The higher value items include a packaged whole identity with email address, telephone numbers and street address. This information can be used for many things, such as selling phone numbers to targeted advertisers, spam and identity theft.

Over the past couple of years we have seen a rise in the number of cyber-attacks carried out on banks, including China’s central bank in 2013 and Russia’s central bank a few months ago. With the sophistication of cyber-attacks developing at such a vast rate, and with this recent incident in mind, it is now more important than ever that organisations take note and put stringent processes in place to prevent more attacks like this from happening. The tools are available and straightforward to implement, but it’s down to businesses to prioritise cyber in their planning.

Gary Newe, Sr. Systems Engineering Manager, F5 Networks.