/cloudfront-us-east-1.images.arcpublishing.com/copesa/4XFG6UKL35GQPCDRJAXCBP7GBM.jpg)
[ad_1]
New details about the cyber attack on BancoEstado are emerging every day. This Wednesday, the president of the entity, Sebastián Sichel, and the president of the Commission for the Financial Market (CMF), Joaquín Cortez, attended the Senate Economic Commission, where they revealed more information on what happened.
There, Sichel said that the ransomware would only have entered the bank a few days before the virus was detected on Saturday, September 5, unlike what happened in the 2018 cyberattack on Banco de Chile, where it was inside the system for months. before attacking.
“It is a very short period (…) not even weeks,” said Sichel when asked by Senator Felipe Harboe (PPD). BancoEstado’s operations and systems manager, Marcelo García, pointed out that “we are not actually talking about weeks, we are talking about days.”
Business leader regrets cyber attack on BancoEstado and highlights the role of the institution
BancoEstado complaint reveals that the cyber attack was first detected at Bandera’s branch in Santiago Centro
BancoEstado continues to advance in the reopening of branches after cyberattack suffered on Saturday
However, the head of the Operational Risk Unit of the CMF, José Mendoza, pointed out that “it cannot be ruled out (that it has been in place for longer), because ultimately a large part of the actions being carried out are to operationalize all services (of the bank) that are unavailable, and together we are seeing what (are) the vulnerabilities that were exploited to install this virus. In our opinion it is not possible to rule out anything because we do not have total information ”.
Some issues that have not yet been operationalized are, for example, the course of credits, say knowledgeable sources, an issue that for now would remain under arrest. On the other hand, it would be working so that the emails of the executives can return to work in contingency through an extension that would be created.
Senator Harboe asked if it was true that part of the bank’s cybersecurity team today are the same ones who had been working at Banco de Chile when the cyberattack on the entity linked to the Luksic group and Citibank occurred, against which from the state they clarified that this is effective. Of course, they would have worked in Banchile at that time.
On the other hand, Sichel now said that in reality there was no theft of information from the entity through the hack, but that the malware managed to encrypt data from the bank, so in practice a commercialization or sale of that data should not be observed, since they would not have managed to get them out of the bank.
This, despite the fact that on Tuesday the president of BancoEstado said that “what happened in practice is that this virus or this attack was looking to collect data. It took data that, for now, for the bank, is not significant, that is why we have been able to start the operation and what can probably happen these days is that they try in some way to commercialize or sell this data “.
Likewise, the former minister stressed that there has been no request for ransom, and that “what the specialists also say, they explain, is that it is very unlikely (…) as there was no actual data collection in this attack, (that ) there are particularly requests for kidnapping or ransom ”. However, he pointed out that this Thursday they expect to have all or over 80% of the branches operating.
The president of the state company also mentioned the containment measures they took in this process. He explained that on the same Saturday they took down the internet bank systems, in addition to turning off the most sensitive servers to avoid contamination. That same day they called a specialized team from Microsoft, who are the ones performing the forensic analysis.
In parallel, he pointed out that “the crisis committee begins to work specifically on impact measures, it is determined that the virus first particularly affects Windows platforms, which is why we have particularly worked there, and mainly programs that allow face-to-face channels”.
In any case, he pointed out that “the malware is controlled (…) The spread ended the same day, Saturday.” He also detailed that the PDI has taken statements and obtained results.
For his part, the president of the CMF reported that on Saturday they received a call from the state company that informed them of what had happened, “and they reported the first measures to contain the virus. With this, the operational continuity group of the Financial Stability Council was activated, coordination with the industry and its operational continuity groups began, a second report was received from BancoEstado through the operational incident report (RIO), in that additional characteristics of the malware were identified and a forensic analysis of the affected computers began ”.
Cortez also explained that there were meetings between the technical teams of the CMF and BancoEstado, as well as between the management team of the Commission, with the president of BancoEstado, its general manager, and risk and technology manager.
“Regarding giving BancoEstado a grade, the truth is that what I can say is that BancoEstado has recently increased its budget in terms of cybersecurity and has been closing gaps. I am not yet in a position to rate them from 1 to 10, ”Cortez said.
[ad_2]
