In any good detective story, the villain generally turns out to be the least likely suspect. So, true to the trope, when Poland’s banks investigated the source of the most serious malware attack in their history, they found that the unwitting culprit was none other than KNF – their own financial regulator.
It appears that KNF’s internal system had suffered an attack from an overseas actor, infecting its servers with malicious files that were then spread to Poland’s leading commercial banks. Embarrassingly, KNF is responsible for setting the cyber security standards for Polish financial institutions.
KNF and the Polish government have given some rather lukewarm assurances that no operations have been affected, but are continuing to carry out further investigations. Banks are, of course, attractive targets for hackers, and the past few years have seen several large-scale attacks which have at times even been blamed on state actors. With financial transactions almost exclusively taking place digitally, possible attack vectors for determined hackers are almost endless – from compromised mobile banking apps to rerouting transaction flows on global platforms.