Overnight, news on the wires has indicated that a major bank has had its website compromised by hackers. We wouldn't normally "name and shame" the site that has been hit, but as others have already named Bank of India as the victim it seems silly now not to.
The Bank of India website now appears to be clean. Although it is not clear how the site was compromised we do know what it was compromised with. There were several malicious Iframes on the site. We are currently in the process of updating our Mal/Iframe-F detection for this specific threat. However, WS1000 appliance customers will be pleased to know that the URLs referenced by the malicious webpages were blocked by Sophos over 14 days ago.
As mentioned by my colleague earlier (see post) there can be a number of different people responsible for the care of a website. The public hold banks up to a higher degree of responsibility than most businesses and yet, as I write, there has been no statement about this security breach from the company. We also don't know what steps they may have made to prevent a similar attack from happening again in the future.
The loss of reputation, goodwill and trust from being hacked is an incalculable quantity. This hack should alert all businesses big and small that web security isn't an optional extra - it's a must.