February 13th, 2019 marked a decisive shockwave in cybersecurity. This affected the banking industry in Malta as well as businesses in general. Hackers managed to infiltrate Bank of Valletta’s IT systems, posing as a French stock market regulator. This was done using simple phishing emails.
The upshot of the attack resulted in a €13 million heist. This led the bank to take its services offline shortly after it was detected. As typically happens in such cases, it appears that the hackers could have infiltrated the bank’s systems as far back as October 2018. This is quite often the case, and hackers usually take their time to understand the topography of a network which they manage to penetrate. In this way they plan out their attack with care. In fact, such hacks are becoming increasingly sophisticated.
In this case, investigations saw the police, financial services authority, government and foreign counterparts all come together to trace the missing cash. Moreover to come to terms with the possible flaws in Malta’s banking security systems.
On the day of the event the bank’s systems went completely dark and offline. The bank was quick to reassure clients that their accounts and funds had not been impacted or compromised.
As we have seen often in such cases, the magnitude of such attacks do not only have a direct repercussion for entities reflected in the funds stolen, but also reputational implications which are more difficult to rebuild in terms of business-client trust.