In a shocking turn of events, the Bank of Valletta (BOV) which accounts for almost half of Malta’s banking transactions suffered a major cyber-attack on Wednesday. The bank shut down all its operations yesterday morning after hackers broke into its system and moved over €13 million ($14.7m). Ironically, the bank celebrated “Safer Internet Day” just two days ago.
Bank of Valletta suspended all of its banking operations including internet banking, cashpoints, and branches. Entire BOV website has gone offline. A spokesperson for Malta’s biggest bank stated that they had to isolate the server as a precaution and that their IT team is working extremely hard to ensure that the attack has been thwarted. He said that they have to ensure the attack isn’t there anymore before online services are resumed. The official also confirmed that no accounts had been compromised, did not give any timeline as to when the services will restart. He further added that local and international police have also commenced an investigation on the attempted hack.
Addressing the parliament Prime Minister Joseph Muscat said that the cyber-attack created false international payments to bank accounts in the United Kingdom, the United States, the Czech Republic, and Hong Kong. He added that the entire system is being examined by the Bank of Valletta, and the operations will resume soon after security is ensured. Muscat claimed that because such an important financial institute had pulled the plugs, the economy has been severely impacted.
The unprecedented total shutdown of the bank has caused problems abroad for credit card holders, who needed to make payments. All payment processing has been halted, including payments made through point-of-sale terminals of shops, as the backend relies on BOV systems. Though, alternate arrangements were being sought to help those affected.
Soon after the business day started, the bank realized irregularities during the daily reconciliation exercise of international transactions. Immediately afterward, the Security Services confirmed that the bank was under an “extremely elaborate” cyber-attack. As soon as the bank realized this, they asked the correspondent banks in the recipient countries to block the transactions and to reverse payment already carried out.
The bank is also carrying out an internal investigation to know from where did the attack originate and how was it executed. Initial reports suggest that the hack was of a foreign origin. Malta Financial Services Authority (MFSA) is monitoring the situation closely. MFSA CEO Joseph Cuschieri has stated that the MFSA follows ECB guidelines with respect to cyber-security threats and attendant risk mitigating factors which need to be followed by licensed institutions. He further added that it was the bank’s responsibility to protect cyber-security.
Such cyber-attacks against the bank are not as unusual as we may assume. In October 2017, hackers managed to fly away with a whopping $60 million from the Far Eastern International Bank, one of the biggest in Taiwan. Last year, India based Cosmos Bank lost $13.5 million from August 10 to 13. This hack was attributed to North Korean cybercriminals, who are allegedly backed by the state as well.