Less than a week before the February cyber-attack that crippled Malta’s Bank of Valletta (BOV), the nation’s largest bank, the Maltese Financial Services Authority (MFSA), issued a consultation paper on cybersecurity. The paper stated that the Authority, and those working within the cryptocurrency and blockchain industry, needed to adhere to the guidelines set out by the European Banking Authority (EBA), warning that more sophisticated cyber-attacks were a prevalent danger.
On February 13th and 14th, the hacking ‘group’ which has been dubbed as ‘EmpireMonkey’, struck BOV, compromising its systems and directing 13 million euros worth of fraudulent payments to bank accounts in the UK, Czech Republic, Hong Kong, and the US. Detailing the breach, Maltese Prime Minister, Joseph Muscat, said that the bank noticed the discrepancies when reconciling international transactions, on February 13th. The decision was taken, within half an hour, to suspend the banks services. They were reinstated on the morning of Thursday (February 14th), with the bank issuing a statement to reassure its clients, that business and customer deposits were not affected by the attack. To date, Bank of Valletta has recovered a significant amount of the fraudulent transfers.
Before BOV was targeted, the warning signs were apparent last October, with international banking giant, HSBC, being probed by a hacking ‘group’, believed to be EmpireMonkey. An internal IT security report, suggests that cyber security experts were made aware of the attempted attack, which targeted other Maltese banks too.
The hacking attempt used a tactic known as ‘phishing’, and in this case sent fraudulent e-mails, which pretended to be from the French stock market regulator. Phishing disguises emails as coming from official sources, and then, if the recipient clicks on the fraudulent link within the email, it can allow the hacker to access their data. In the HSBC case, the attack was detected and monitored. At the end of January, consultants became aware of another malicious document, which had been created on a domain and shared, with experts saying, “we have no information about the delivery, it was almost certainly a link in an email and occurred today [31 January] (…) it is likely that emails were delivered also using the same domain hosting the malicious document”. It is this email that likely compromised BOV.
The attack shook confidence in Malta’s aspirations to be a financial and cryptocurrency hub, whilst the country was seeking to gain an early advantage in the provision of a welcoming environment for those in the cryptocurrency business, known as Virtual Financial Agents (VFA’s). Ahead of almost all other EU states, Malta has already established a regulatory framework for the industry. “We are the first EU jurisdiction to have a complete framework that caters for all key areas of risk; the risks to consumers, market integrity, financial crime and cyber security,” said Joseph Cuschieri, head of the Maltese financial regulator. Malta has legitimate aspirations in this area, building on its market-leading position in the online gaming industry, coupled with a growing financial services sector. However, Malta’s steadfast moves to become the leading European cryptocurrency hub, do not come without challenges.
According to the International Monetary Fund (IMF), the growth of cryptocurrency operations in Malta makes the financial system vulnerable. The IMF said that this growth, along with the financial and remote gaming sectors, combined with a high demand for citizenship-by-investment, poses a threat to the nation’s financial security. Christopher Buttigieg, a supervisor with Malta Financial Services Authority, admitted that “as a result of these failures, we have learnt how to strengthen our supervision”.
One of these steps has been to hire the services (on March 11th), of US Cyber-security firm, Ciphertrace, to assist in the regulation of those VFA’s operating, or seeking to operate, from Malta. The steps are primarily taken to secure funds, and prevent money laundering and illicit fund transfers, which could be used for organised crime, or in the financing of terrorism – concerns explicitly raised by the IMF.
“Being strongly aware of the money laundering and financing of terrorism risks associated with entities operating in this sphere, the decision has been taken to engage the services of Ciphertrace, in order to reduce fraud, and detect transactions with illegal sources of funds,” Cuschieri added.