DarkMatter discusses digital environments after QNB hack
DarkMatter urges organisations to know their digital environment to prevent cyber-security threats
Each data breach teaches individuals and organisations different things, and in light of Qatar National Bank's (QNB) high-profile hack, cyber-security firm DarkMatter identifies key learnings.
This week, QNB confirmed that it was a victim to financial cyber-crime in which 1.5 GB trove of leaked data including personal details of many of the bank's clients, ranging from Al-Jazeera journalists, members of the ruling al-Thani family to government and defence officials, were posted on social media.
DarkMatter's Eric Eifert, senior vice president of managed security services identified prominent findings from the hack.
Eifert said: "Given the inclusion of direct references to ‘spies', members of government, and the media in the leaked information, one cannot rule out the possibility of the attack having been orchestrated by state-sponsored agents. Their hacking techniques may be similar to non-state-sponsored agents, though their motivations could be quite different, which makes them unpredictable and often more difficult to identify."
Despite the leak of personal information, the criminals' intent was to damage the bank's reputation rather than steal money. The hacker is believed to have been present within QNB's system since last July, having been able to work within the environment and profile numerous customers.
"Institutions need to know and understand the scope and operations of their digital assets in order to be able to identify any abnormalities as quickly as possible. The fact that it took many months for the hacker's presence in QNB's system to be detected, and this only after confidential information was leaked to the public, highlights that institutions are not being aggressive enough in monitoring their data assets in order to reduce the time required to discover zero-day exploits," said Eifert.
He added: "Financial institutions remain a top target for hackers either for financial gain or to interrupt operations and embarrass organisations. Hence institutions in this sector need to develop even greater cyber security resilience in their digital systems."
DarkMatter advises that institutions should keep up-to-date with cyber security policy guidelines and standard in their markets of operations. Also, organisations should develop as much visibility about their digital assets and systems as possible in order to better understand what is going on in their environment and continue to evaluate their systems.
The recommendations are incorporated under DarkMatter's a four-stage Cyber Security Life-Cycle approach, which encompasses planning, detection, protection, and recovery.