Wednesday, 8 February 2017
Polish banks are investigating a massive systems hack after malware was discovered on several companies' workstations.
The source of the executables? The sector's own financial regulator, the Polish Financial Supervision Authority (KNF).
A spokesman for the KNF confirmed that their internal systems had been compromised by someone "from another country". But when it was discovered that the regulator's servers were hosting malicious files that were then infecting banks' systems, the decision was made to take down the KNF's entire system "in order to secure evidence."
According to one cyber security site that spoke to a number of banks and carried out a preliminary analysis, a number of banks confirmed that they had seen unusual network traffic and found encrypted executables on several servers. The details were rapidly shared between the group of roughly 20 commercial banks in the country and other banks started reporting the same issues.
Ironically, it is the KNF that sets cybersecurity standards for Polish banks but it is thought that a modified JS file resulted in visitors to the regulator's site loading an external JS file which then pulled down malicious payloads.
Both the KNF and the Polish government have since told local Polish media that there is no indication that people's money was touched and have given tentative assurances that no operations were affected. But they also stressed that investigations were ongoing.
The situation is being seen as the most serious ever attack on the Polish banking industry
Sophos has announced a deal to acquire the core technologies of anti-malware protection outfit Invincea for $100m plus up to $20m, dependent on first-year revenues.
Invincea makes a line of signature-less endpoint procession technologies that rely on machine learning and behavioural monitoring to block malware.
Sophos plans to integrate Invincea's tech into the Sophos Central endpoint product line, before releasing revamped products later his year. The plan parallels the integration of SurfRight's technology into Sophos's product line following a smaller December 2015 acquisition.
In the 12 months to 31 March 2016, Invincea recorded billings of $13.4m, revenue of $9.8m and a loss before tax of $11.8m.
Invincea Labs, a division of Invincea that has been separately managed and operated since 2010, will be spun out prior to the acquisition and does not form part of this transaction.
Sophos expects to complete the acquisition around the end of this fiscal year. It anticipates the deal to be "broadly neutral" to its balance sheet in its first year before adding to its revenues thereafter.
Sophos CEO Kris Hagerman commented: "Invincea is leading the market in machine learning-based threat detection with the combination of superior detection rates and minimal false positives. Invincea will strengthen Sophos's leading next-gen endpoint protection with complementary predictive defences that we believe will become increasingly important to the future of endpoint protection and allow us to take full advantage of this significant new growth opportunity."
Together with Ni Cybersecurity, Elbit Systems' subsidiary will launch a cybersecurity training and simulation center in Tokyo, addressing the growing cybersecurity skill shortage before the 2020 Olympics
Elbit Systems announced today that its subsidiary Cyberbit was awarded a contract from Ni Cybersecurity, the Japanese cybersecurity service provider, to launch a cybersecurity training and simulation center in Tokyo powered by the Cyberbit Range platform.
Ni Cybersecurity will set up a training facility in Toranomon, Tokyo that will address these challenges by accelerating the certification of new cybersecurity experts and helping organizations improve the skills of their existing staff, focusing on government and finance organizations. The contract, in an amount that is not material to Elbit Systems, will be performed during 2017.
The new training facility will be powered by the Cyberbit Range, a cybersecurity training and simulation platform. It enables trainees to practice in real-life settings by accurately replicating their network setup, using their actual security tools and simulating their typical network traffic. The Range provides a selection of simulated attack scenarios, including ransomware. It is the underlying platform for multiple training centers in North America, Asia and Europe.
Adi Dar, Cyberbit’s CEO said, “When there is a need to certify tens of thousands of new cybersecurity experts while improving the skills of existing ones, all within a very short timeframe, enrollment in simulated training programs is the best choice for finance, government and other organizations in Japan. I am confident that the initiative, led by Ni Cybersecurity, powered by our Range platform, will contribute to Japan’s cyber readiness for the 2020 Olympic Games, and for years to follow."
Takeshi Mitsuishi, President and CEO of Ni Cybersecurity, said, “We selected the global leading cyber range platform, and we’re taking it to the Japanese market by opening our new training center in Tokyo, launching in Toranomon. Based on the global success of the Cyberbit Range, our customers can expect exceptional quality training, faster certification, and overall more qualified and skilled cyber security personnel.”