Tesco Bank has reported losing £2.5 million in a recent cyber-attack. Experts are saying that the warning signs were clear, and hackers were bragging months before Tesco even knew.
Cybersecurity company Cyberint stated recently that it had discovered posts on multiple dark net hacking forums about a lender being easy to cash out from. So far there have been no links indicating whether the most recent attack is the topic of these posts, and Tesco has declined to comment on the issue multiple times. Tesco stated that it is unable to give any details of the crime while the investigation is under way.
It has been suggested that the cyber raid involved contactless payments that were triggered by the use of smartphones. A separate online security firm said that Tesco had been warned months in advance that several of its mobile apps were malfunctioning, but these warnings were ignored.
The Financial Times reported that Cyberint performed its own investigation into hidden pages on the Deep Web in light of the thefts Tesco suffered on November 5th and 6th. The company stated that multiple posts across multiple forums were found in which hackers talked about using a brute-force attack to access Tesco accounts. Thousands of logins and passwords were tested until one was found that worked. The report also stated that Tesco had tried to take the appropriate measures to safeguard against these attacks, but hackers were able to breach Tesco’s site anyway.
Elad Ben-Meir, Cyberint’s vice president of marketing, said:
It was a cat and mouse game, but we saw indicators starting from September, two months before the actual attack, of quite a few threat actors saying, “We’ve been successfully getting into accounts and cashing out through various means.” This was on the AlphaBay forum, hacking forum and some lesser known places, and there was plenty of proof. One guy said, “I used to cash out £1,000 every week without anyone ever noticing.”
Ben-Meir said that the company had tried to pitch its services to Tesco earlier this year, but the meetings never went anywhere.
The mobile app specialist Codified Security stated that it got no response when it contacted Tesco and its subsidiary bank by email several months ago. The firm reported researching banking apps across the UK and finding many problems, but its attempts to warn the company went unanswered. The flaws weren’t made public, in order to keep hackers from an all-out exploit frenzy. It was mentioned, however, that the top banks had very good mobile security, and that it was the lower-tier banks below them that had the majority of the issues.
Martin Alderson of Codified Security said:
They are pressured to bring out a coherent mobile strategy because their customers are demanding it. But often I’m not sure they have the understanding of all the technical aspects to make them secure.
He went on to state that nearly half of the companies they have written to haven’t responded, so he wasn’t at all surprised that they didn’t hear back from Tesco.
As mentioned, Tesco has yet to release any statements on the incident, but the company told the BBC that it regularly receives promotional information from companies like these and has no need for them because it has “first-class colleagues working hard to serve our customers.”
It’s reported that thousands of low-value fraudulent purchases were made at Best Buy stores across the U.S., as well as at other vendors in the U.S. and Brazil. While there is nothing concrete, a warning from Europol two months prior to these attacks is being linked to the incident as well:
The possibility of compromising NFC transactions was explored by academia years ago, and it appears that fraudsters have finally made progress in the area. Several vendors in the Dark Net offer software that uploads compromised card data on to Android phones in order to make payments at any stores accepting NFC payments.