Big Banks in Emerging Economies Are Suffering Crippling Cyber Attacks

Risks are also on the rise in advanced economies, as the Reserve Bank of Australia recently warned.  

The National Bank of Pakistan (NBP), Pakistan’s third largest lender, suffered a massive cyber attack on Friday that brought down its IT system. Major outages of this kind can cause huge challenges for consumers, including lack of access to money and services. The timing of the attack on NBP could not have been worse (or better from the hackers’ standpoint), coming just before November 1, when salary and pension payments are made to millions of current and former public workers. In a public statement NBP said:

“In the late hours of the 29th and early morning of the 30th October, a cyber-attack on NBP’s servers was detected which impacted some of its services. Immediate steps were taken to isolate the affected systems.” 

Pakistan’s central bank, the State Bank of Pakistan, said it is “monitoring the situation closely to ensure safety and soundness of the banking system”, adding that NBP has not observed any data breach or financial loss. NBP is one of three Domestic Systemically Important Banks. As an editorial in the Express Tribune, Pakistan’s only internationally affiliated newspaper, noted, this means it is “too big to fail” — “the entire national economy could collapse if something goes wrong at NBP.”

On Saturday, NBP said it was confident that essential banking services would be restored by Monday morning. That doesn’t appear to have happened. The Times of Islamabad reported Monday that millions of customers continued to suffer as the bank struggled to restore its IT system. Among the services still disrupted was the disbursement of payments and pensions for current and former public sector employees:

Credible sources within NBP have disclosed that the bank’s IT teams are working hard to restore its banking system ever since it went down but have failed miserably. They are reluctant to issue a deadline as to when the system will become completely operational once again.

Poor IT infrastructure has exposed Pakistani banks and the Federal Board of Revenue (FBR), a national law enforcement agency that investigates tax crimes, suspicious accumulation of wealth and money-laundering, to increasingly sophisticated cyber attacks. Those attacks have become more frequent since the Covid-induced lockdowns led to a surge in online transactions. Most worryingly, this is happening as banks, financial and government authorities are encouraging consumers to transition from cash to digital payment methods.

Pakistan wasn’t the only country to see a major bank’s IT system go down this past weekend. On Sunday, Mexico’s largest lender, BBVA, suffered its second Sunday outage in seven weeks. It is the third time the system has gone down this year. Once again, the bank’s 24 million customers were unable to use the bank’s ATMs, its mobile app or in-store payments. It being a Sunday, they could not even avail of the lender’s in-branch cash services. The latest outage lasted eight hours — significantly less than the 20 hour duration of the first outage, on September 12 — but still long enough to leave many of its customers seething. 

The bank blamed the earlier Sunday outage on an internal system update failure and was at pains to assure customers that their financial data was not compromised. For the moment the bank has not explained the reason(s) for its latest outage.

One major Latin American bank whose IT system was definitely brought down by hackers is Banco Pichincha, Ecuador’s largest private lender. The bank suffered a crippling cyber attack on the weekend of October 9-10 that disrupted many of its operations. Pichinchha shut down portions of its network to prevent the problems from spreading to other systems. The disruption lasted for a number of days, causing chaos for many of its customers. The bank insists that customer data was not compromised.

Although the bank has not revealed the exact nature of the attack, sources in the cyber security industry told Bleeping Computer that the disruption was the result of a ransomware attack with threat actors installing a Cobalt Strike beacon on the network:

Ransomware gangs and other threat actors commonly use Cobalt Strike to gain persistence and access to other systems on a network.

In February, Banco Pichincha suffered another cyberattack by cybercriminals known as ‘Hotarus Corp’ who claimed to have stolen files from the bank’s network. Pichincha disputed the hacker’s claims and said that one of their providers was breached instead.

“We know that there was unauthorized access to the systems of a provider that provides marketing services for the Pichincha Miles program,” Banco Pichincha said at the time. “In relation to this information leak, and based on an extensive investigation, we have found no evidence of damage or access to the Bank’s systems and, therefore, the security of our clients’ financial resources is not compromised.”

Another bank whose IT system was recently compromised is Venezuela’s biggest lender, Banco de Venezuela, whose 16 million customers had to endure five long days in September with no digital banking services. As I reported in “Banks Around World Are Suffering Big Outages, Leaving Millions of Customers in Lurch At Worst Possible Time“, the Maduro goverment laid the blame for the attack on the US government, which it accused of launching an “intense and aggressive” cyber attack against the bank’s IT system.

It’s not just emerging market banks that are suffering cyber attacks. One of New Zealand’s largest lenders, Kiwibank, and ANZ Bank, Australia’s third largest lender, have both suffered distributed denial-of-service (DDoS) attacks in recent months resulting in a spate of IT system outages. In a DDoS attack hackers inundate a website with so many bots connecting to it all at once, they render it inaccessible. Servers are not breached, data is not stolen but it can still cause lots of disruption.

The Covid era has also seen a high surge in high-profile ransomware attacks against companies, including US oil major Colonial Pipeline and Australian transportation and logistics company. As I reported in March, hackers targeted Spain’s employment service (SEPE) with a massive ransomware attack, which temporarily disrupted the disbursement of some unemployment and furlough payments. 

Continue reading on Naked Capitalism

Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s