COUNTRY FOCUS: QATAR
In the latest report of a high-profile cyber
security breach of a financial institution
in the region last week, it was reported
that Qatar National Bank (QNB) was the
victim of a hack in which personal details
of many of the institution’s clients were
posted on social media, writes Eric Eifert,
Senior Vice President, Managed Security
Services at DarkMatter.
QNB claims there was no direct financial
loss as a result of the hack, though the
cost of the reputational damage to the
institution and in fact to the country is likely
to be significant.
According to a report in the Financial
Times, the 1.4GB leaked file includes
the names and passwords of thousands
of QNB customers. Subfolders within
the leaked data divide individual details
into further categories including staff at
Al Jazeera, members of Qatar’s ruling
Al-Thani family, and intelligence and
defence officials.
Institutions need to know and understand
the scope and operations of their digital
assets in order to be able to identify any
abnormalities as quickly as possible. The
fact that it took many months for the
hacker’s presence in QNB’s system to be
detected, and this only after confidential
information was leaked to the public,
highlights that institutions are not being
aggressive enough in monitoring their data
assets in order to reduce the time required
to discover zero-day exploits.
According to a cyber security expert
quoted in the Financial Times article, the
breach was the work of a hacker who had
gained unlawful access to QNB’s system
as long ago as July 2015, this being the
time the presence of a secret insertion
tool was identified in a subsequent review
of the log file.
Thus the hacker is believed to have been
present within QNB’s system since last
July, having been able to work within
the environment and profile numerous
customers.
Each new breach teaches us different
things and in this case, DarkMatter
identifies the following key learnings:
Given the inclusion of direct references
to ‘spies’, members of government, and
the media in the leaked information,
one cannot rule out the possibility of
the attack having been orchestrated by
state-sponsored agents. Their hacking
techniques may be similar to non-
state-sponsored agents, though their
motivations could be quite different,
which makes them unpredictable and
often more difficult to identify.
Financial institutions remain a top target
for hackers either for financial gain or
to interrupt operations and embarrass
organisations. Hence institutions in this
sector need to develop even greater cyber
security resilience in their digital systems.
DarkMatter conclusion and recommendations
This latest breach offers another insight
into why institutions need to develop
stronger, pro-active cyber defence
postures. DarkMatter advises that
institutions:
Keep up to date with the cyber security
policy guidelines and standards in
their markets of operation, as well as
internationally in order to assist in shoring
up their cyber defence posture against
known risks.
Develop as much visibility about their
digital assets and systems as possible in
order to better understand what is going
on in their environment and be able to pro-
actively protect and defend assets against
attack.
Continually evaluate the institution from a
cyber security perspective, and ensure as
much integration as possible in order to
limit security failures due to ‘weak links’
within the system.
www.intelligentcio.com