Anonymous DDoS attacks part of the groups anti-banking campaign
No money was lost in the Anonymous DDOS attacks on Bank Indonesia and the Bank of Korea. Operation Icarus began last month with hits on several international banks (here).
The central banks of Indonesia and South Korea were hit by Anonymous DDoS cyber attacks on their public websites. In response to the attempted hacks, Bank Indonesia has blocked 149 regions that don’t usually access its website, including several small African countries, Deputy Governor Ronald Waas said in an interview late on Monday.
Several central banks were hit by similar attacks and were sharing the identified IP addresses used by the perpetrators. Central banks have been on high alert in the wake of revelations that hackers issued fraudulent money transfers to steal $81 million from the Bangladesh central bank in February (though not necessarily connected to Op. Icarus).
Bank of Korea officials told Reuters there was at least one DDoS attack on the bank’s website in May. No harm was done, they said. “They are trying to attack the reputation of the banks. So we’re blocking IP addresses from countries that don’t usually access us.”
In just half a day on Monday, Bank Indonesia detected 273 viruses and 67,000 spam emails to its email server and website, officials said. In early May, Greece’s central bank said that its website became the target of a cyber attack by Anonymous for a few minutes before the bank’s security systems managed to tackle it. The Central Bank of Cyprus has also said its website briefly came under attack in Ma
Should Banks be doing more to protect themselves and their customers?
Consumers are increasingly more likely to check their bank balance online rather than visit a bricks and mortar branch on the high street. With cyber crime representing an on-going threat, banks have implemented layers of security for logging into online banking, however, the most commonly used channel of communication between banks and their customers is arguably the least protected.
Cyber threats, such as email phishing, pose an increasing threat to banks and customers as more consumers migrate to online banking. Despite this fact, new research by Cyber Security Partners (CSP) reveals that a massive 97 percent of FTSE 250 companies, including three of the four banks in the list, are inadequately protecting themselves and customers from the threats of email phishing and malware. The research could suggest that many banks leave it up to customers to report instances of email phishing, rather than taking a more assertive and proactive approach.
Action needs to be taken
It is estimated that some 200 million phishing emails are distributed every day, highlighting the breadth of the issue and indicating that advice alone will not prevent this issue. A recent security breach at HSBC may have allowed the bank to emerge from the attack with client information safely intact, but it did little to instill consumer trust in the company
Andrew Tyrie, MP and Chairman of the Treasury Committee, expressed his concerns regarding cyber security: “Bank IT systems just don’t seem to be up to the job… Incidents like these are unacceptably frequent, and sometimes serious. Until this is sorted out, the public will remain more exposed than necessary to the risks of IT banking failures.”