By Peter Branton
3 July, 2005
Mashreqbank suspended some of its online banking services last week,
citing the threat of hacking attacks. The bank said it had detected
evidence it was being targeted by hackers. Customers were sent an
urgent e-mail warning to change their passwords from a safe PC and the
bank temporarily suspended third-party payments online.
A spokesperson for the bank said that any such attacks had been
unsuccessful, with no customer accounts in danger. "Let me stress none
of our customers' bank accounts have been compromised for
international wire transfers and this is a precautionary measure
only," the spokesperson said.
In a statement, Mashreqbank said that its IT security officers had
detected a large number of failed attempts at logging in to access
accounts for funds transfer from unconventional IP addresses. This
activity "normally indicates hackers" the statement said. "Online
banking still remains a very secure channel and the temporary
suspension of online third party funds transfers will be reactivated
within a day or two," said the bank's spokesperson. "The e-mail alert
is part of our continuous efforts to enhance safety for online banking
services, which we normally do on a regular basis, in addition to
regular updates on security measures that we post on our web site,"
the statement said.
Mashreqbank customers last week received an e-mail alert, stating the
bank had detected a "heightened level of internet hacking activity" in
recent weeks. The alert advised them to change their password from a
PC that "you are sure has been verified not to have any viruses or
spyware installed." Users may have installed malicious programs which
could capture their login ID or password, the alert said.
Temporary restrictions on third party transfers were put in place to
ensure that we had time to alert you to specific hacking activity,"
the e-mail alert added. According to security experts, financial
institutions in the region are coming under increasing attack from
hackers and other cyber-criminals, although banks are notoriously
reluctant to come forward and discuss such issues.
Earlier in the year, security firm Symantec warned that few banks in
the region were aware of how vulnerable their systems were (see IT
Weekly 26 March - 1 April 2005).
"Banks in the Middle East are not doing enough to protect their
systems against security attacks," Kevin Isaac, regional director for
Symantec Middle East and Africa, said at the time. He said then that
he was aware of a number of banks that had been attacked this year,
although he declined to name the banks involved.
Justin Doo, managing director of Trend Micro Middle East and Africa,
said that Mashreqbank should be lauded for speaking out about the
security concerns and not "brushing them under the carpet" as others
had done, he claimed.
"It does make a big difference when someone is prepared to step
forward and say something. Far too many firms fail to come forward on
this," he said. "I think that this highlights the fact that as
internet usage increases in this region, we will see more focus here
from malicious attackers. Internet usage here is growing faster than
awareness of the dangers," he claimed.
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 -
2,000+ international security experts,
10 tracks, no vendor pitches.