British Tesco Bank Halts all Online Banking, Russian Central Bank Hacked

In what one could characterize as the worst banking hacker attack this year - and the only one to have ever caused a bank to shut down its site - Tesco Bank shut off online banking for all of its accounts after 40,000 of them were attacked. Hackers stole £2.5 million from 9,000 accounts. The bank stopped all online activity, but the site is back up now. The bank has not said specifically what steps they have taken to harden their site.

An employee who spoke to the media says the problem most likely could be blamed on Tesco grocery. Tesco also operates an online and brick and mortar grocery business. The employee said the bank’s employees are carefully vetted and its security is good. But the bank’s system is connected to the grocery system which has unpatched servers and poor security in general, the employee said.

It could be that the banking regulator shut down the online bank. The regulator issued a statement scolding the bank for lax security. Now the bank faces fines that could run into the millions of pounds.

A team of academics speculated that flaws in the Visa card system were at fault. They said algorithms could guess at the card’s security data and hackers could present the card at multiple outlets all at the same time to avoid raising suspicion of a brute force attack. But if that were true, then other banks and retailers should have been attacked, yes? Even if what they said does not hold up under logical scrutiny, it was widely reported in the press.

For example, The Guardian said, “They said the so-called ‘distributed guessing attack’ method they had identified was able to circumvent all the security features put in place to protect online payments from fraud, and exploited vulnerabilities at Visa.” But Visa said what the researchers at Newcastle University said did not take into account the multiple levels of fraud monitoring built into the Visa system.

Graphic: text message sent to Tesco customer

Text presented in the text message sent to Tesco customers:

Yesterday our fraud prevention system identified suspicious activity on a number of customer accounts including your own. The suspicious transactions relating to these accounts were immediately blocked to protect our customers. We are dealing with this as a matter of urgency but in the meantime the majority of customers can continue to use their card using chip and pin functionality. Online servicing, telephony banking and the mobile app will continue to work as normal. If you have lost out due to fraud we will refund this transaction. We would recommend reviewing your payments and letting us know of any suspicious activity otherwise there is no need to call us at this stage.

The researchers had been working on their paper for some time and only published the results after the Tesco attack.

The UK banking sector came together after the attack to announce a data sharing system to alert each other when one of them is under attack. That might be less effective than hoped as the hackers attacked the bank on the weekend, presumably when customer service people would be fewer in number to respond to customer calls, thus taking longer to determine an attack was underway.

Hackers Steal $45 Million from Russian Central Bank
We also have the news that hackers stole $45 million from the Russian central bank. The bank was able to recover $26 million. They did that by freezing accounts at other banks where the hackers had transmitted the money.

The theft was earlier this year. The bank said nothing at the time. They published news about that in their annual report.

The bank did not provide any details on who the hackers were. But the Russian government said earlier in the week that they had uncovered a plot by foreign spies to sow chaos in the banking system through coordinated cyberattacks and fake social media messages. Media speculated that could be because US Vice President Joe Biden had warned Russia that there would be a response to Russian attacks on the American election system.

Hackers Blackmailing Clients of Bank of Liechtenstein Tax Haven
Hackers also attacked Valartis, a Chinese-owned bank in Liechtenstein. The hackers are blackmailing its customers, telling them to either hand over 10% of their savings or be reported to the tax agencies in their home countries. Trading of the bank’s stock was halted for a short time in Hong Kong after the bank’s shares fell 12%.

About the author:

Karolis Liucveikis
