London-based financial technology company Finastra informed on 22 March that its customer and employee data was safe, two days after a malware attack was reported.
“Following Friday’s incident, Finastra’s teams have been working tirelessly to bring our systems back online. We’ve made significant progress and are now able to bring back online the servers which we voluntarily took offline whilst we neutralised the threat. We are working with our impacted customers systematically and securely to return to normal operations,” said a statement from chief operating officer Tom Kilroy.
“We would like to reassure our stakeholders that, to the best of our knowledge, we do not believe that any customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted.”
Finastra IT security and risk teams detected The attack was detected “during the period immediately prior to March 20th, 2020” that “a bad-actor was attempting to introduce malware” into their network, said the company announcement.
The company has 10,000 employees and more than 9,000 customers, including 90 of the global top 100 banks, with a reported revenue of over £1.6 billion. The disclosure comes days after the company hosted a global hackathon, in which more than 1,000 participants across 38 countries took part.
"Different forms of cyber-crime go in and out of fashion according to how effective they are at any given moment, but ransomware has remained remarkably consistent. Another element granting popularity to this type of attacks is that they are relatively low cost and easy to pull off, especially when the target isn’t a large enterprise with the resources to protect its entry points, patch regularly and train its employees on email hygiene best practices,” noted Tarik Saleh, senior security engineer and Malware researcher at DomainTools.
This is the first reported cyber-attack on a UK-based financial services company after regulators this month announced several reforms to the financial services sector. The decision was taken after a Treasury Committee report in October 2019 called the IT failures of the sector “unacceptable”.
"Modern society relies on a properly functioning financial system – a financial system which is largely digital at this point. When an issue arises, be it due to a cyber-attack, poor administrative planning or simply software quality issues, the result can be catastrophic for consumers,” commented Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center (CyRC).
“This is precisely the scenario we saw play out over Black Friday when NatWest customers experienced significant outages and significant call queue lengths. As with any failure, understanding the cause is critical; more so since modern applications are increasingly deployed in third-party services such as those offered by major cloud providers.”
While the FCA, PRA and Bank of England can hold traditional financial institutions to account for their failures, things become considerably more complex when the failure occurs within the digital supply chain, Mackey noted.
“Organisations, regardless of their size, should realise that they are still potential targets and should therefore move cybersecurity to the forefront of their agenda; sometimes, even just ensuring that employees are prepared to recognise the signs of a phishing email can be what makes the difference between having to pay a ransom and a diverted security incident," said Saleh.