Cyber criminals stole over Rs 94 crore from a Pune headquartered Cosmos Bank. The money was allegedly transferred to accounts outside India. The server hosted at Pune had been attacked on August 11 and 13 exploiting bank’s ATM switch vulnerability. Bank’s management filed an FIR for it on Tuesday, August 13 at 1 am at Chatushrungi police station.
A senior cyber security office from Pune has said that the money trail lead them to an account of ALM Trading at Hang Seng from Hong Kong. According to sources, hackers transferred Rs 80.5 crore from bank accounts at Cosmos Bank to a foreign bank in 14,849 separate transactions through debit cards. Then, they conducted another attack to steal Rs 13.9 crore through the SWIFT network.
Cosmos is one of the oldest cooperative banks of India, established in 1906. Pune cyber cell is investigating into the cyber attack deeply. Maharashtra Computer Emergency Response Team is also providing them with technical support.
Cyber Attacks today are multi-pronged and can start with just from a malware being downloaded on a mobile or any device in the network or via even 1 single web page being hacked. In the case of Cosmos Bank, a proxy switch was created and all the fraudulent payment approvals were passed through the proxy switching system. Normally, the Core Banking System (CBS) receives debit card payment requests via its “Switching System”.
It is high time for BFSI Domains to take their cyber security aspects seriously and work on improving it. In a survey last year, India stood 7th in the list of most targeted countries for ransomware.
Some best practices for maintaining cyber security in BFSI sector are:
• Awareness about updating the software’s, upgrading the hardware’s is a must. The better the information available to user, the more vigil they will become.
• Regular updating of software patches in organizations as prescribed by the MSSPs. Regular stock of the existing technologies, its effectiveness and required upgrades over a period.
• Hands-on connect with the industry body like CERT etc which can help diffuse information quickly.
Indian BFSI companies need to make smart choices of vendors with perfect infrastructure to store their sensitive data within the nation. Logix Infosecurity being into data security domain since last 18 years is helping clients with Data Storage maintaining appropriate protection standards and assuring data safety.