Bangalore: Pune-based Cosmos Co-operative Bank suffered a major cyber attack on August 11 and 13, when cybercriminals hacked into its servers and stole Rs 94.42 crore ($13.5 million) from ATMs in 28 countries, according to media reports.
The incident came at a time when the Federal Bureau of Investigation (FBI) had issued a warning to banks in the US about new attacks targeting cash at ATMs, Bloomberg reported.
The attack on Cosmos Bank was executed with advanced malware, according to the initial investigation. The cybercriminals behind it are suspected to be the North Korea-based Lazarus Group, which had a major hand in several cyber attacks, including the bank heists in Bangladesh and Poland and the Sony Pictures leak in 2014.
The attackers injected advanced malware into Cosmos Bank’s servers and created a proxy switch to interact with the payment gateways, namely RuPay and VISA. This fake switch helped the fraudsters get approval for 12,000 transactions at ATMs across 28 countries, including India, which reported 2,800 transactions, according to media reports.
A complaint has been lodged at the local police station against the unidentified cybercriminals involved in the attack, but NPCI, which provides the RuPay gateway, has blamed Cosmos Bank’s own IT environment for the breach.
“The NPCI’s systems are fully secure and this particular issue has occurred within the (Cosmos Bank’s) own IT environment. This has happened due to a malware-based attack on the bank’s IT system which has caused a fraud. Under the attack, maximum transactions have been reported from outside India,” Bharat Panchal, Head of Risk Management – NPCI, said in a statement.
According to experts, the method employed to hack into the bank’s ATMs across different locations is the latest technique, termed ‘ATM jackpotting.’
ATM jackpotting exploits both physical and software vulnerabilities in banking kiosks or dispensing machines such as ATMs. Incidents of ATM jackpotting were first reported in Latin America in 2017; however, there has been a rise in the number of such attacks in the US, Europe and Asia during 2018.
This new technique is putting banks under immense pressure to upgrade and enhance not just their information security, but also the physical security of banking kiosks and ATMs.
In fact, many Indian banks still run their ATMs on outdated versions of the Microsoft Windows operating system (OS), such as Windows 7, and could easily become the next victims of ATM jackpotting.
“Banking institutions are vulnerable to cyber attacks. Continuous monitoring, surveillance and incident response teams deployed on standby can be beneficial in preventing large scale attacks,” said Jayant Saran, Partner – Deloitte India.
“Further, enabling a periodic and secure restore point and a volume shadow copy of all major applications and systems can also help in minimizing impact and downtime when banking institutions are faced with the next external intrusion attempt,” added Saran.
Robust security systems and incident response capabilities are imperative for all companies and financial institutions that are custodians of customer data and customer assets, including funds, according to Nikhil Bedi, Partner – Deloitte India.
“While there is growing awareness to regularly update an organisation’s cyber preparedness and defence mechanisms, a large number of institutions wake up to this reality only post an incident which often leads to a loss of reputation and/or financial misappropriation,” concluded Bedi.