ECB Confirms Hacker Attack And Shuts Down One Of Its Websites

The European Central Bank (ECB) confirmed it suffered a breach that involved attackers injecting malware which led to a potential loss of data, and forced ECB to close down its Banks’ Integrated Reporting Dictionary (BIRD) website until further notice.

Experts Comments

August 19, 2019
Laurie Mercer
Security Engineer
HackerOne
While cyber attack simulations using red teams like the ones the European Central Bank deployed are good in theory, they are limited in scale and not nearly comprehensive enough to conduct a thorough assessment of third-party risk. Hacker-powered security, or crowd-sourced security, can provide that degree of scalability due to the number of hackers involved in continuous testing of an organization’s attack surface.
August 19, 2019
Bryan Becker
DAST Product Manager and Security Researcher
WhiteHat Security
ECB’s statement claims only contact information was stolen, which almost seems tame in 2019. The scary part is that this breach happened in 2018 but was only recently noticed because of system maintenance. This isn’t that unexpected, though, as the average time for organisations to detect a breach is around 200 days, and around 160 days for the financial sector (which is the second best of all industries!). This just shows how much more difficult it is to handle security reactively than.....Read More
ECB’s statement claims only contact information was stolen, which almost seems tame in 2019. The scary part is that this breach happened in 2018 but was only recently noticed because of system maintenance. This isn’t that unexpected, though, as the average time for organisations to detect a breach is around 200 days, and around 160 days for the financial sector (which is the second best of all industries!). This just shows how much more difficult it is to handle security reactively than it is to be proactive about it.  Read Less
August 19, 2019
Tony Pepper
CEO
Egress
The financial services sector is frequently targeted by malicious attackers, due to the nature of the data it receives, shares and manages. The European Central Bank (ECB) is the latest victim, with hackers installing malware that’s thought to have collected email addresses and other details from its Banks’ Integrated Reporting Dictionary (BIRD) website. It’s important the 481 BIRD subscribers who have had their details compromised be extra vigilant going forward. The compromised email .....Read More
The financial services sector is frequently targeted by malicious attackers, due to the nature of the data it receives, shares and manages. The European Central Bank (ECB) is the latest victim, with hackers installing malware that’s thought to have collected email addresses and other details from its Banks’ Integrated Reporting Dictionary (BIRD) website. It’s important the 481 BIRD subscribers who have had their details compromised be extra vigilant going forward. The compromised email addresses that have been taken from the server could be used in future phishing attacks by malicious actors, enabling them to gain further pieces of personal data or trick recipients into downloading malware to their systems. These subscribes should be on the lookout for any message that seems suspicious, for example using incorrect branding or poor grammar. In addition, they shouldn’t click on any suspicious links contained in these emails; instead, they should hover their mouse over it to see if the address matches the link displayed or if possible, open the site via another window.  Read Less
August 19, 2019
Ilia Kolochenko
Founder and CEO
ImmuniWeb
The breach and its consequences are minuscule compared to most of the other breaches that have occurred in 2019. However, the nature of the breach and the time it took to detect it are quite alarming. The question is how many more breaches of ECB and its externalized systems have not yet been discovered, and what will the impact be. Third-parties with unknown volumes of sensitive data are the Achilles’ Heel of holistic cybersecurity. Organizations should ensure a comprehensive visibility.....Read More
The breach and its consequences are minuscule compared to most of the other breaches that have occurred in 2019. However, the nature of the breach and the time it took to detect it are quite alarming. The question is how many more breaches of ECB and its externalized systems have not yet been discovered, and what will the impact be. Third-parties with unknown volumes of sensitive data are the Achilles’ Heel of holistic cybersecurity. Organizations should ensure a comprehensive visibility and up2date inventory of their digital assets, as you cannot protect what you are can’t see. Third-party risk management including verification of how do they enforce applicable data protection policies is another vital though widely ignored task. Finally, a continuous security monitoring should be implemented for all public-facing web applications hosted internally, externally or in the cloud.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts