UK Lenders Shared Threat Info After Tesco Bank Attack

The UK’s banking sector enacted contingency plans that enabled members to share crucial intelligence following a major cyber-attack against Tesco Bank earlier this month.

The news was revealed in the Bank of England’s latest Financial Stability Report, which claimed that “cyber and technology-enabled attacks continue to be a serious threat to the resilience of the UK financial system.”

It continued:

“High profile incidents in 2016 have raised awareness of the importance for institutions of ensuring that they have appropriate controls and measures in place to counter fraud. In response to the recent incident at Tesco Bank, the UK authorities activated a contingency plan, as part of the Authorities’ Response Framework, to share intelligence across firms, allowing other institutions to review their own resilience to such threats.”

The British lender claimed that 9000 customers were affected by the attack, which cost Tesco £2.5 million to reimburse those who had funds stolen from their accounts.

The firm initially froze accounts as a precaution, refusing to allow online transactions from current accounts, although cash withdrawals, chip and PIN payments, and existing bill payments and direct debits were allowed to continue as normal.

However, it was later claimed that the attack was aimed not at core banking systems but customer accounts themselves.

Eset researchers said they thought the Retefe banking trojan was behind the blitz, and was likely to have been emailed out to Tesco Bank customers in the form of a malicious attachment they were socially engineered into opening.

Experts believe organizations need to get better at information sharing if they want to improve their cybersecurity posture.

However, a study from BDO Technology Advisory Services last month found that just a quarter (27%) of US firms currently share info on cyber-attacks with third parties.

The situation has become more problematic in the post-Snowden world as many organizations now believe that sharing any intelligence with the authorities might subject them to unwanted attention from the security services. 

What’s hot on Infosecurity Magazine?