Two years after an attack on Tesco Bank resulted in £2.26 million being stolen online from 9.000 customers, the research. Along with the finding, the bank was fined (over £16.4m) for failing to protect its customers.
The audits were carried out by the Financial Conduct Authority (FCA) and the concluded (PDF) ότι η τράπεζα θα πρέπει να καταβάλει πρόστιμο ύψους 16,4 εκατομμυρίων λιρών γιατί απέτυχε να "ασκήσει τις απαιτούμενες ενέργειες, και να δείξει την απαιτούμενη προσοχή και επιμέλεια" για την protection of account holders from cyber attacks.
The identities of the hackers were not revealed, but according to the report published by the FCA they managed to gain more than £ 2 millions in 48 hours in November of 2016.
The attack began at 2:00 on Saturday 5 November 2016 and by 04:00, Tesco Bank's fraud detection system had automatically started sending messages κειμένου στους κατόχους των τρεχούμενων λογαριασμών της τράπεζας, ζητώντας τους να προσέξουν για μια «ύποπτη δραστηριότητα» στους λογαριασμούς τους. Έτσι έμαθε η τράπεζα για την επίθεση...
As calls grew rapidly, Tesco Bank's controls managed to stop almost 80% of unauthorized transactions. But the attack had already hit 8.261 from the 131.000 bank customers.
Attackers allegedly used an algorithm that created authentic Tesco Bank debit cards and using these virtual cards, thousands of unauthorized transactions were made.
The FCA said the incident was due to the way Tesco Bank distributed debit card numbers, but also mistakes made in the reaction when they became aware of the attack. But the bad design of Tesco Bank's debit cards is workingeyein an important role in finding security holes.
Also according to the FCA, it took 21 hours after the attack began for Tesco Bank's security team to be notified. Throughout this period, illegal trading continued.
____________________________
- Google Chrome 69 comes and brings problems for Flash
- Debian 9.5: Available the fifth point release of Stretch
- MX Linux 17 x64 Custom ISO from iGuRu.gr
