August 15, 2019 (updated 16 Aug 2019 11:21am)

Phishing the BIRD: ECB Website Hacked

"The breach succeeded in injecting malware onto the external server"

By CBR Staff Writer

Hackers have penetrated the European Central Bank’s Integrated Reporting Dictionary (BIRD) website, stealing personal data and forcing the ECB to shut down the site, which was maintained by a third-party provider.

The breach only came to light during routine maintenance work, the ECB said in a short notice today, adding that “the breach succeeded in injecting malware onto the external server to aid phishing activities.”

That it was not identified earlier will likely raise questions for the ECB’s own security team: such breaches can be the springboard to further attacks, as stolen credentials are used to underpin additional efforts.

ECB Hack: Embarrassing, but not Damaging

The BIRD website provides the banking industry with details on how to produce statistical and supervisory reports. It is physically separate from any other external and internal ECB systems, the ECB said.

“Neither ECB internal systems nor market-sensitive data were affected,” it said.

The hackers only appear to have gained access to the email addresses of 481 subscribers to a statistical newsletter, but the incident is an embarrassment to the ECB.

The breach of what appears to have been a vendor’s server once again drives home the security issues in vendor supply chains and comes days after a major Capital One data breach that appears to have also resulted in scores of other companies being affected.

The precise nature of the exploit has yet to be fully revealed, but it appears to have involved a misconfigured firewall and AWS buckets that were not fully locked down.
