A cyber-attack that temporarily shut down one of the European Central Bank’s (ECB) websites went unnoticed for over six months. The ECB closed its Banks’ Integrated Reporting Dictionary website after it was revealed that hackers had infiltrated the site back in December and infected it with malware.
It is believed that the malware was deployed as part of a phishing campaign and may have been used to gather the names, titles and email addresses of the site’s subscribers.
“The ECB is contacting people whose data may have been affected,” said an ECB spokesperson. “The breach succeeded in injecting malware onto the external server to aid phishing activities.”
According to the bank, no market-sensitive data was stolen during the attack on the site, which is hosted by a third party and offers financial reporting advice.
Ilia Kolochenko, chief executive of security company ImmuniWeb, said the “breach and its consequences are minuscule compared to most of the other breaches that have occurred in 2019. However, the nature of the breach and the time it took to detect it are quite alarming.”
Darktrace’s chief analyst, Mike Beck, added: “What’s worrying about this kind of attack is that it is often invisible to both the site owner and users. In this case, unbeknownst to ECB, hackers infected the site with harmful code and were harvesting data of newsletter subscribers, probably to launch sophisticated secondary attacks, like spear-phishing.”