
Polish regulator gives banks a cyber-headache

Chris Hamblin, Editor, London, 6 February 2017


Poland's most serious information security breach so far seems to have hit several of its banks by means of malware that came from the financial regulator.

The KNF, known in English as the Office of the Financial Supervision Commission, has detected an attempt to interfere with its website system from outside and appears to have passed a malware infection on to some of the 20 or so banks that it regulates. It owned up to the incident on Friday in an announcement by its spokesman, Jacek Barszczewski.

He assured everyone that "the internal reporting systems by the supervised entities operate independently of the computer system that supports the website and remain safe and the work of the office remains unimpeded." The KNF has informed the competent law enforcement authorities, with whom it co-operates closely.

BadCyber has reported that the first signs of trouble at the banks came when they spotted network traffic going to exotic locations and encrypted executables that nobody recognised on some servers: "A little more than a week ago one of the banks detected strange malware present in a few workstations. [It] managed to share that information with other banks, which started asking their SIEMs for information. In some cases the results came back positive."

In the field of computer security, security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications.

The Financial Supervision Commission was established by law in 2006 through the merger of the Securities and Exchange Commission and the Committee on Insurance and Pension Funds (KNUiFE). In 2008, the KNF also absorbed the Commission for Banking Supervision.

The regulator's web page at https://www.knf.gov.pl/ is well and truly blocked because its administrator is trying to gather evidence.
