http://www.itp.net/news/details.php?id=16534 By Peter Branton 3 July, 2005 Mashreqbank suspended some of its online banking services last week, citing the threat of hacking attacks. The bank said it had detected evidence it was being targeted by hackers. Customers were sent an urgent e-mail warning to change their passwords from a safe PC and the bank temporarily suspended third-party payments online. A spokesperson for the bank said that any such attacks had been unsuccessful, with no customer accounts in danger. "Let me stress none of our customers' bank accounts have been compromised for international wire transfers and this is a precautionary measure only," the spokesperson said. In a statement, Mashreqbank said that its IT security officers had detected a large number of failed attempts at logging in to access accounts for funds transfer from unconventional IP addresses. This activity "normally indicates hackers" the statement said. "Online banking still remains a very secure channel and the temporary suspension of online third party funds transfers will be reactivated within a day or two," said the bank's spokesperson. "The e-mail alert is part of our continuous efforts to enhance safety for online banking services, which we normally do on a regular basis, in addition to regular updates on security measures that we post on our web site," the statement said. Mashreqbank customers last week received an e-mail alert, stating the bank had detected a "heightened level of internet hacking activity" in recent weeks. The alert advised them to change their password from a PC that "you are sure has been verified not to have any viruses or spyware installed." Users may have installed malicious programs which could capture their login ID or password, the alert said. Temporary restrictions on third party transfers were put in place to ensure that we had time to alert you to specific hacking activity," the e-mail alert added. According to security experts, financial institutions in the region are coming under increasing attack from hackers and other cyber-criminals, although banks are notoriously reluctant to come forward and discuss such issues. Earlier in the year, security firm Symantec warned that few banks in the region were aware of how vulnerable their systems were (see IT Weekly 26 March - 1 April 2005). "Banks in the Middle East are not doing enough to protect their systems against security attacks," Kevin Isaac, regional director for Symantec Middle East and Africa, said at the time. He said then that he was aware of a number of banks that had been attacked this year, although he declined to name the banks involved. Justin Doo, managing director of Trend Micro Middle East and Africa, said that Mashreqbank should be lauded for speaking out about the security concerns and not "brushing them under the carpet" as others had done, he claimed. "It does make a big difference when someone is prepared to step forward and say something. Far too many firms fail to come forward on this," he said. "I think that this highlights the fact that as internet usage increases in this region, we will see more focus here from malicious attackers. Internet usage here is growing faster than awareness of the dangers," he claimed. _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jul 05 2005 - 00:46:16 PDT