Page 91 - Cyber Warnings
P. 91
Tesco Bank
Oversight
by Charles Parker, II; Information Security Architect
And the hits keep coming. The Swift issue involving over $100M in thefts has recently been not
in the news nearly as much. The Swift system is currently being updated and upgraded so this
does not occur again.
Just as the banking industry begins to move back into its normal, conservative stance, another
issue in the industry occurs and is well-placed in the news.
This recent issue occurred with Tesco Bank, located in the UK. Tesco Bank noted suspicious
activity and transactions with 40K accounts of their total 136K accounts. These transactions
occurred over a weekend. In approximately half of these accounts, there was money missing.
What triggered the suspicious activity flag was the bank’s fraud algorithm.
The bank is presently working with the National Crime Agency to investigate this. This has been
reported as one of the larger breaches in recent history.
Method
As with most attacks, this has been labelled as “sophisticated”. The attack and thefts occurred
over a 24-hour period with the varying amounts. This was probably meant to gather/steal as
much as possible prior to being caught, much like structuring transactions to avoid being
detected.
The bank’s actions indicate the attack did not involve the bank’s core computer system. Had
more of the functions facing the clients been locked down, it would have been more likely the
enterprise would have been compromised.
With the timing, it also appears the attack was automated. With the number of accounts with
stolen money involved experiencing this within the 24-hour period, the automated attack is
probable. The attack also appears to be website-oriented. With any maintenance or updates,
there can be new errors or bugs that were not present previously.
Even with the best, detailed planning, evening if a DFMEA process were to be utilized, there
may be issues. These issues provide for an attack point. The attackers do consistently scan the
websites on their reader for changes and new vulnerabilities. This could also be directly from a
third party, who had access to their system, being compromised. This may have allowed the
91 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
