[BreachExchange] ECB shuts down one of its websites after hacker attack

Destry Winant destry at riskbasedsecurity.com
Fri Aug 16 08:49:28 EDT 2019


FRANKFURT (Reuters) - The European Central Bank (ECB) shut down one of
its websites on Thursday after it was hacked and infected with
malicious software.

The ECB said no market-sensitive data had been compromised during the
attack on its Banks’ Integrated Reporting Dictionary (BIRD), which it
uses to provide bankers with information on how to produce statistical
and supervisory reports.

But it added malware had been injected on the server hosting the site,
adding that the email addresses, names and titles of the subscribers
of the BIRD newsletter might have been stolen.

An ECB spokesman added the earliest evidence found of the attack dated
back to December 2018, meaning it had gone undetected for months
before being uncovered during maintenance work.

“The ECB is contacting people whose data may have been affected, the
ECB said. “The breach succeeded in injecting malware onto the external
server to aid phishing activities.”

Launched in 2015, BIRD was a joint initiative of the Eurosystem of
euro zone central banks and the banking industry. Participation in it
was voluntary but its content was made available to all interested

The ECB said BIRD was hosted by a third-party provider and was
separate from any other ECB system.

“Neither ECB internal systems nor market-sensitive data were
affected,” the ECB said.

Central banks from Malaysia to Ecuador have been targeted by hackers
in recent years. One of the world’s biggest ever cyber heists took
place in 2016 when fraudsters stole $81 million from the central bank
of Bangladesh’s account at the New York Fed using fraudulent orders on
the SWIFT payments system.

More information about the BreachExchange mailing list