The European Investment Bank, with over 3,000 employees and assets surpassing €500 billion, has been the latest victim of a cyberattack. The latest attack is likely related to a series of high-scale cyberthreats against European financial institutions by pro-Russian hackers in response to European support for Ukraine, according to Cyber News.
The European Investment Bank is a major player in the EU’s financial infrastructure, being one of the largest multi-lateral lenders in the world. In addition, the bank acts as a top financier of efforts to combat climate change.
Considering the implications for Digital Journal is Sally Vincent, Senior Threat Research Engineer of LogRhythm.
Vincent provides an assessment of the details and what is at risk: “The European Investment Bank (EIB) officially acknowledged an ongoing cyber assault that commenced on June 19. While the responsible party and the extent of the compromised data remain uncertain, over 3,000 employees and assets surpassing €500 billion are at risk.”
In terms of the origin of the attack, Vince looks to an obvious target for state sponsored incidents of this nature: “It is noteworthy that this incident occurred after Russian hackers issued a warning last year, indicating their intentions to target Western financial establishments providing assistance to Ukraine.”
Whatever the origin, the attack was successful: “The cyberattack has resulted in a complete outage of both the EIB’s website and the European Investment Fund’s website.”
In terms of the implications for the financial sector, Vincent offers the following advice: “Given the growing threat presented by cybercriminals, financial institutions must re-evaluate their protocols for responding to incidents and strengthen their security position.”
In terms of other measures, Vincent mentions: “To protect banks effectively, it is recommended that they invest resources in cybersecurity solutions capable of detecting malicious behaviour and responding promptly by implementing measures to prevent unauthorized entry attempts.”
With her final recommendation, Vincent says: “Additionally, it is vital for these institutions to give high importance to authentication and access controls, as well as detection and response capabilities, while also ensuring real-time monitoring.”
