Qatar National Bank’s head office in Doha. Image Credit: Reuters

Dubai: The hackers who attacked Qatar National Bank last week have attacked a second bank and are set to leak more data, a security expert told Gulf News on Monday.

“The attackers announced that they are going to make the data public for the second attack, in the next few days. This data could be used for ransom. We are monitoring it,” said Mohammad Amin Hasbini, senior security researcher, global research and analysis team at Kaspersky Lab. He said that the hackers could have Turkish roots and are known as Turkish Bozkurt Hackers.

The hackers, who have uploaded a video online, have claimed responsibility for the bank breach. Hasbini said the attack could be related to the complex geopolitical situation in the region.

Hasbini said that the hackers have not asked for any money yet, but have only leaked the data online. It [QNB breach] could be a political motive but “we are not sure yet. It is strange, normally hackers do hack for a goal.”

Global losses from hacking and undesired spamming exceed $100 billion a year, according to Kaspersky Lab. Hackers stole $101 million from Bangladesh’s central bank in February, and at least 40 million credit cards were compromised in a data breach at Target Corp in 2013.

News of the breach comes just weeks after Bangladesh’s central bank announced that cybercriminals managed to steal over $100 million from one of its accounts at the Federal Reserve Bank of New York. The bank managed to recover some of the money, but $81 million that were transferred to the Philippines are still missing.

“Going by the motivation of financial gains, GCC region and the regional financial institutions could be more vulnerable because of the high concentration of wealthy individuals in the region. In the light of the increasing attacks it is important for regional institutions to take additional steps to protect their key data,” said Stephen Bailey, who leads the cyber security team in PA Consulting’s technical security practice in the Middle East and North Africa region.

“The motive of the QNB hacking can’t be pinpointed at this stage. Although the bank has claimed it is an attack on its reputation, there could be a “financial angle” as these professional hackers are hired by someone with a motive, which could be from tarnishing someone’s reputation to making financial gains from personal data of customers. But at this stage, it is difficult to believe anyone hacking into a bank’s data system just for defaming the institution.

“The strangest part of the QNB incident is that the hackers reportedly had access to the bank’s data systems for a fairly long period — by some accounts about 200 days — and the bank’s security system could not detect it until they made off with 1.4GB of data, and worse, the bank came to know of it when some of the data was published,” he said.

Hasbini said the hackers have used an ‘SQL injection” method to bypass the security of the bank and leak the data.

SQL injection is an open source tool that is used to attack data-driven programs. It must exploit security vulnerability in software, and is the most common method for attacking websites. It allows the hackers to complete disclosure of all data on the system, spoof identity (gaining an illegitimate advantage into the network by falsifying data), destroy the data or tamper with the existing data.

Most of the time vulnerabilities in security systems occur when modifications are done to existing websites and applications. Institutions must get their basics right in securing their critical data, Bailey said.

“There needs to be more care taken when modifications or new modules to the existing data system is introduced. There needs to be classification of data at various levels, the storing and securing should be done according to the importance of these data,” he said.

Symantec figures show the total number of breaches has risen slightly by two per cent in 2015. The year also saw nine mega-breaches, surpassing 2013’s record of eight breaches containing more than 10 million identities each.

Hassam Sidani, regional manager for Symantec Gulf, said over half a billion personal records were stolen or lost in 2015 globally. Data breaches continue to impact the enterprise.

In fact, he said that large businesses that are targeted for attack will on average be targeted three more times within the year. Additionally, the largest data breach ever publicly reported occurred last year with 191 million registered US voters’ records compromised in a single incident. There were also a record-setting total of nine reported mega-breaches. While 429 million identities were exposed, the number of companies that chose not to report the number of records lost jumped by 85 per cent.

He said that businesses in the UAE were a victim of 2.7 per cent of global targeted attacks, with an organisation facing an average of 2.2 attacks through the year.

“Organisations in the finance, insurance and real estate sectors were the most affected by targeted attacks in the UAE in 2015, with 31.5 per cent of overall attacks being directed towards them. Small organisations (1-250 employees), were the target of the most number of (64.2 per cent) spear-phishing attacks in the country,” he said.

These organisations may be targeted as they have “less robust security” parameters, and can be used to gain access to its partner ecosystem, which may comprise larger and more lucrative companies.

Hasbini said banks will need to protect them from SQL injection attacks and they need to fine-tune and well protect its products and customers.

_ With inputs from Babu Das Augustine/Banking Editor