In August this year, Cosmos Bank became the latest victim of a major cyber-attack. Hackers breached the bank’s ATM switch server in Pune, stealing details of multiple Visa and Rupay debit card owners. The details were then used to carry out around 12,000 fraudulent transactions across 28 countries on August 11 – with a further 2,841 transactions taking place in India.
The attack didn’t stop here. Two days later, on August 13th, in another malware attack on the bank’s server, a SWIFT transaction was initiated – transferring funds to the account of ALM Trading Limited in Hanseng Bank, Hong Kong.
The total losses from the attack stand at INR 94 crore, or 13.5 million USD. Cosmos Bank was forced to close its ATM operations and suspend online and mobile banking facilities.
How did the attack happen?
Why is this attack more serious?
Just a few days prior to this attack, the American FBI had warned banks of a major hacking threat to ATMs worldwide. According to Krebs On Security, the influential cyber-security blog run by journalist Brian Krebs, a confidential alert to international banks informed them that criminals were plotting an imminent, concerted global malware attack on ATMs.
Smaller banks with less sophisticated security systems were believed to be most vulnerable to attack – with a scheme known as ‘ATM cash-out’ as the likely approach that the criminals might take. This is where crooks hack a bank or payment card processor and use cloned cards at ATMs around the world to fraudulently withdraw millions of dollars in just a few hours.
Banking experts and industry players fear this could be a ‘pilot run’ unless the authorities take the attack seriously. Essentially, this malware attack was not against any bank but rather, the banking system. It was carried out at international scale in a meticulously coordinated manner.
Alert type – Severe
How can I protect my enterprise?
To defend your company from the spread of malware, it’s essential that you are equipped to detect and defeat such threat in real-time.
These are our recommended immediate best practices:
Enterprises need to ensure that security is inbuilt end-to-end – starting at the very beginning. Protecting your network should be the #1 priority to safely extend your reach virtually anywhere. Solutions such as our Managed Security Services offer 24/7/365 security.