Cyberattacks on Banks: Top Cybersecurity News from June 2023
Welcome to our weekly dose of critical cyber stories. So what are the top cybersecurity stories from the third week of June 2023?
There has been a significant change in the target paradigm for threat actors. We have seen a large number of sophisticated attacks on some of the biggest banking institutions across the world. The financial sector was the second most targeted industry last year, and the rate of cyberattacks continues to increase throughout this year. Let’s delve into some of the biggest stories of this week:
European Investment Bank Targeted Pro-Russian Hacktivist Group
The European Investment Bank (EIB) confirmed on Monday, June 19th, that it is under cyberattack, allegedly orchestrated by the pro-Russian hacktivist group known as Killnet. The bank made this announcement via its official Twitter handle at approximately 4:20 p.m. local time, reporting that the attack had disrupted the availability of its website.
In a message posted on their Telegram channel earlier today, the hacktivist group claimed responsibility for the attack on the EIB, stating that they had targeted the bank’s internal network infrastructure. The website remained inaccessible at the time of writing this report, further corroborating the bank’s assertion that it was “responding to the incident.”
Killnet, in what appears to be a response to Europe’s continued support for Ukraine, issued a threatening statement implying an extensive cyber onslaught on Europe’s banking systems. They taunted the continent with a cryptic message: “Hello Europe! How are things with the IBAN banking system? I feel like something is wrong with her. Perhaps the transfer system is affected by bad weather. And also the weather forecasters say that not only IBAN will be dead, but also SEPA, WISE, SWIFT.”
The recent attack on the EIB is suspected to be a part of this larger strategy by the pro-Russian hacker collective. The continuing threat has put European banking institutions on high alert for potential cyberattacks.
ChatGPT Security Breach Impacts Thousands – India Most Affected
Cybersecurity firm Group-IB reported that over 100,000 credentials of OpenAI’s popular application ChatGPT were found on dark web marketplaces between June 2022 and May 2023. The study shows Asia Pacific as the hotspot, accounting for 40.5% of stolen ChatGPT accounts. India alone recorded the highest number of compromised accounts at 12,632. These findings, gathered from info-stealing malware logs, underscore a significant cybersecurity threat to the widely used AI platform.
Capital One Confirms Customer Data Breach
Capital One has revealed its involvement in the recent cyberattack on NCB Management Services, a Pennsylvania-based debt-buying giant. Initially focused on ex-Bank of America customers, Capital One confirmed that over 16,500 of its own clients had sensitive data, including physical addresses and Social Security numbers, exposed in the breach. In April 2023, following a detailed investigation, NCB informed Capital One of the breach. In response, NCB has employed Kroll to provide two years of complimentary identity monitoring services to the affected individuals.
Medibank Staff Data Compromised in Cybersecurity Breach Amid Ongoing Litigation
Australia’s leading private health insurer, Medibank Private, reported a cybersecurity breach on Tuesday, compromising staff names and contact details. The incident, involving a compromised property manager’s file transfer software, adds to Medibank’s woes as it navigates the fallout of a major data breach last October affecting approximately 9.7 million current and former customers. The company is currently facing three class action lawsuits and an ongoing privacy investigation. Notably, the recent breach did not involve employee bank details, payroll, or home addresses.
Ex-Mayoral Candidate Sues Latitude for $1 Million Over Data Breach
Latitude Financial Services Australia faces a $1 million lawsuit from former mayoral candidate Shahriar “Sean” Saffari following a cyberattack in March. The breach, originating from a third-party vendor’s privileged credentials, exposed the data of 7.9 million customers. Saffari’s personal details, including his Low Rate Latitude Mastercard Credit Card information, were shared on the dark web. In a recent Federal Court filing, Saffari alleges that Latitude failed to protect his data adequately, resulting in a violation of privacy and a breach of duty of care.
For more cybersecurity news, insights and analysis, follow Code Red on Twitter and LinkedIn.