UK banks 'hit by cyber attacks'
29 November 2013
Posted by Michelle Devonshire
Banks in the UK have been hit by a number of targeted cyber attacks over the last six months.
This is according to the latest Financial Stability Report from the Bank of England (BoE), which highlights the risk such attempts hold. Given the interconnected nature of the financial markets, the bank fears a widespread incident is more likely in the UK than in other sectors.
BoE highlights a centralised market infrastructure as a potential weakness, as well as its 'legacy' IT systems. It also states many of these attacks, even if they do not steal data, can nonetheless cause a delay.
The report stated: "Cyber attack has continued to threaten to disrupt the financial system. In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services."
As a result of BoE's findings, the government is working with financial authorities to create an action plan, aiming to "assess, test, and improve cyber resilience across core parts of the financial sector".
This will incorporate the recent cyber drill Waking Shark Two, which explored how the market would react to a large cyber incident. The results of this simulation will be published early next year.
One of the problems with any cyber crime is discovering the key weaknesses involved. Experts at FireEye recently identified a zero-day attack, an incident which does not give the victim any days to respond or halt the intrusion. Many attempts take much longer, for instance, giving people time to react and stop potential penetration.
FireEye's researchers Xiaobo Chen and Dan Caselden said: "The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel."
However, this could prove more problematic for financial services, where data and networks are already shared. If it is assumed various operating systems can have vastly different levels of security there may be a potential question of how much the network can be affected by its weakest link.