Albaraka Bank Hacked
Al Baraka Banking Group learned that it’s Pakistan site was hacked after 7:00 pm PST on the 25th of May 2018.
Khaled Albalooshi, the award-winning head of IT at Al Baraka Banking Group, was able to regain control of the defaced site within an hour of being notified about the breach.According to cybersecurity expert of Madvertising, sites in Pakistan are the victims of hacking due to insecure development practices and inappropriate patch management wherein servers that are not patched can be accessed by a hacker.
The hacker, in this case, was self-identified as Mr.NitrOg3n and claims to have hacked a PMLN site as well.IT teams working in the banking, financial services, and insurance (BFSI) industries are required to identify identity and access management (IAS) opportunities and work on the solution. Oracle, SailPoint, CyberArk, and ForgeRock are among the common vendors for IAM product solutions.
A cursory glance at LinkedIn shows that most banks in Pakistan lack CISSP & CISA certified staff in IT departments, in a culture focused on the cure and allergic towards prevention mindsets. Strong IT teams are responsible to ensure that application hygiene (OS, hardware, stacks, patching, backup, compliance) meets the policies of regulators and implement Critical Application Framework (CAF) policy requirements. It is unclear at this point how much customer data was comprised due to the site breach.
Requests for comment and updates were ignored by the PR and media teams of Al Baraka Banking Group. Given that companies operating under the BFSI vertical hold sensitive customer information and could face heavy regulator fines, it is unknown why companies such as Al Baraka Banking Group fail to implement countermeasures.