The National Bank of Pakistan (NBP) suffered a cyberattack last week that disrupted its services for three days. Hackers targeted a section of the computer system at the National Bank used for controlling the bank’s ATM network and mobile apps.
Arif Usman, NBP President confirmed the cyber-attack in which the attackers failed to gain access to the NBP’s main servers, though they did take control of some of the computers running Microsoft’s software.
While the attack disrupted some of the systems, no funds were reported missing, according to the bank and people familiar with the attack and the current investigation.
"In the late hours of the October 29 and early morning of October 30, a cyberattack on the NBP's servers was detected which impacted some of its servers. Immediate steps were taken to isolate the affected systems. NBP’s teams supported by top specialists worked over the last 48 hours to resolve the issue,” the bank said in a statement stated.
Due to inaccurate reporting by local news outlets, some scared customers rushed to ATMs to withdraw funds on Monday morning. The Pakistani government had to step in and issue a statement in order to calm spirits and prevent a run on all Pakistani banks.
Pakistani security researcher Rafay Baloch shared a screenshot on Twitter earlier today claiming to portray one of the affected NBP systems. The screenshot showed a Windows computer failing to start due to a missing boot configuration file error.
Fortunately, more than 1,000 branches are opened and are working smoothly catered, the bank said in a statement on Monday. Additionally, all ATMs nationwide had been fully restored.
Earlier this year, Pakistan’s Federal Board of Revenue (FBR) database also suffered a cyberattack. Minister Shaukat Tarin informed the National Assembly that FBR portals were subjected to 71,000 cyberattacks every month on average.
“The government needs to develop a framework and risk mitigation guidelines where a minimum level of cyber threat deterrence is maintained by country’s critical infrastructure institutions which include the banks. Pakistan should introduce industry-specific regulatory compliance that requires financial institutions to implement sufficient information security protections,” cyber security expert Haroon Ali stated.