Hackers Steal $13.5 Million from Cosmos Bank across 3 days
Banks remain a favorite target of cyber criminals. The internet, virtualization and digitization have made doing business and handling money easier. On the other hand, they have also escalated cyber crime.
To improve the performance of financial transactions such as cash withdrawals, deposits, fetching account information and transferring funds, the idea of the cash machine was proposed in 1967. Since then these cash machines, known as ATMs (Automated Teller Machines), have been widely used; besides offering convenience to customers, they have also proven beneficial in reducing the workload of bank staff.
With cyber crime growing, taking precautions and regularly updating cyber preparedness and defence mechanisms is important. However, a large number of institutions act only after an incident that causes financial misappropriation or loss of reputation.
Recently Cosmos Bank, India’s second-largest cooperative bank, suffered a breach of its servers that let hackers steal $13.5 million (approx. 944 million rupees) over the weekend. Hackers carried out a series of attacks in 2 hours across 28 countries to swindle bank accounts out of 805 million rupees in 14,849 transactions.
Hackers Steal $13.5 Million: Three stages of attack
Cyber miscreants are known to have launched a malware attack on ATMs to steal customer information and drain millions of dollars from bank accounts.
The attack was carried out in three stages:
Stage 1: This stage included 12,000 ATM withdrawals totalling 780 million rupees ($11 million) via the VISA card system. These transactions are known to have occurred mainly overseas.
Stage 2: This attack occurred 2 hours later and involved 2,849 ATM transactions that resulted in the loss of 25 million rupees ($400,000). The attack was executed at ATM locations across India.
Stage 3: To add fuel to the fire, apart from these withdrawals, hackers transferred 139 million rupees to a Hong Kong-based company’s accounts in 3 unauthorized transactions over the SWIFT (Society for Worldwide Interbank Financial Telecommunication) inter-bank communication network.
SWIFT is a system that provides a network normally used by banks worldwide for secure and standardized financial transactions.
How was the attack organised?
Cosmos Bank, based in the western city of Pune, alleges that the threat actors bypassed the “switching system” to carry out the attack. It stated that the banking software uses the “switching system” to receive debit card payment requests.
A malware attack was launched before the withdrawals to create a proxy switch. This proxy switch was used to pass all the fraudulent payment approvals.
Current evidence suggests that the attack was based in China, but most probably it is a relay point that the attackers used to hide their original location.
The bank says that the core banking system has not been compromised and that customers’ accounts were left untouched. The bank further claims that it will bear all the loss.
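A defender-side reconciliation check for the scenario described above, as an added example that is not from the original article or the bank: it compares approvals seen leaving the switch with authorisations the core banking system actually issued and flags any approval the core never produced, including repeats and amount mismatches. The log records and the field names (`stan`, `card`, `amount`, `country`) are constructed assumptions.

```python
from collections import Counter

# Constructed sample records. Field names (stan, card, amount, country) are
# hypothetical and do not reflect any real switch or core banking log format.
SWITCH_APPROVALS = [  # approvals observed leaving the switch towards the card network
    {"stan": "000101", "card": "C1", "amount": 5000, "country": "IN"},
    {"stan": "000102", "card": "C2", "amount": 10000, "country": "IN"},
    {"stan": "000103", "card": "C3", "amount": 40000, "country": "XA"},
    {"stan": "000104", "card": "C3", "amount": 40000, "country": "XB"},
    {"stan": "000101", "card": "C1", "amount": 5000, "country": "IN"},   # repeat of an approved request
    {"stan": "000105", "card": "C4", "amount": 20000, "country": "IN"},  # amount differs from core record
]
CBS_AUTHORISATIONS = [  # authorisations the core banking system actually issued
    {"stan": "000101", "card": "C1", "amount": 5000},
    {"stan": "000102", "card": "C2", "amount": 10000},
    {"stan": "000105", "card": "C4", "amount": 2000},
]


def unmatched_approvals(switch_log, cbs_log):
    """Return switch approvals that have no matching core banking authorisation."""
    # Count authorisations per key so one core record can justify only one approval.
    remaining = Counter((r["stan"], r["card"], r["amount"]) for r in cbs_log)
    orphans = []
    for rec in switch_log:
        key = (rec["stan"], rec["card"], rec["amount"])
        if remaining[key] > 0:
            remaining[key] -= 1
        else:
            orphans.append(rec)
    return orphans


def summarise(orphans):
    """Aggregate unmatched approvals for an alert: count, value and country spread."""
    return {
        "count": len(orphans),
        "total": sum(r["amount"] for r in orphans),
        "countries": dict(Counter(r["country"] for r in orphans)),
    }


if __name__ == "__main__":
    flagged = unmatched_approvals(SWITCH_APPROVALS, CBS_AUTHORISATIONS)
    for rec in flagged:
        print("no core authorisation:", rec)
    print(summarise(flagged))
```

The check only works if the approval feed is captured independently of the switch itself, for example at the network edge or from the card scheme's settlement data, since a rogue switch cannot be trusted to log its own approvals.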
Other similar attacks
A flurry of other similar attacks on financial institutions is known to have occurred in the past. For instance:
- India’s City Union Bank Ltd is known to have suffered a loss of nearly $2 million as a result of fraudulent remittances that occurred over the SWIFT financial platform.
- In 2016, Bangladesh’s central bank account was swindled of $81 million when attackers transferred this money to bank accounts in the Philippines.
Attackers have so far made a little progress in these cases.
It is high time that banks and other financial institutions realise the importance of implementing strict safety measures to avoid any unforeseen hazards.