Polish banks have reportedly been infected with malware from a Polish financial regulator. Several unnamed banks were infected by as yet unknown viruses from the Polish Financial Supervision Authority (KNF), which ironically enough oversees the information security of Polish banks.
Several banks had complained of attacks over the week of 30 January, noticing suspicious files and encrypted traffic flowing through their networks to strange IPs. Further investigation revealed malware on servers and workstations, and led the banks to the source which, strangely enough, was their own regulator.
Ilia Kolochenko, CEO of High-Tech Bridge, told SC Media UK that we should expect attackers to get craftier as we get more vigilant: “In the past, hackers used one-off or garbage websites to host malware, but as corporate users become more educated and vigilant, attackers need to find more reliable avenues to deliver malware and enter corporate networks.”
“That's why Gartner, and other independent research companies, continuously say that the risk of corporate web applications is very high and seriously underestimated. Spear-phishing and watering hole attacks against high-profile websites will significantly grow in the near future.”
The KNF released a statement to the press, saying that though the website was infected, KNF systems themselves are safe and “the work of the office run(s) unimpeded”.
The regulator's website has been shut down and made inaccessible by the administrator. The event has been reported to Polish CERT. KNF did not respond to requests for comment.