Last week, hackers targeted Cosmos Bank, based in Pune, in a multi-pronged attack to transfer over Rs 94 crore over multiple days to foreign bank accounts. The hackers used 12,000 ATM transactions spread across 28 countries to withdraw INR 780 million between 3 PM and 10 PM IST on Saturday. Furthermore, INR 25 million was withdrawn from within India. To make matters worse, INR 135 million was transferred to a Hong Kong-based entity using the international fund transfer facility SWIFT.
Before we delve further into this banking attack, some background: coordinated ATM cash-out attacks are the handiwork of money mules whose sole task is to withdraw the cash from ATMs and then share the spoils with their peers, for a small percentage of the profits, by way of buying gift cards, wallet recharges, etc. This is a booming sector, and there are groups that specialize in conducting these coordinated, timed attacks.
It is surprising to note that 135 million INR were withdrawn from within India, which leads us to believe that many Indians are now being lured by the lucrative business of working as a money mule.
According to officials, the hackers infiltrated the bank and installed malware to steal debit card information. They also installed an application that allowed them to bypass the authentication mechanism for the swiped debit cards.
Although RBI guidelines make EMV chip-based cards a standard to be implemented by Indian banks, not all banks and not all ATMs are fully compliant, and they still process the magnetic stripe of the cards. Furthermore, these guidelines are not enforced on ATM transactions originating from outside India. In the case of online transactions, the requirement to authorize a transaction through an OTP applies only to payment gateways located within India. Online transactions processed outside India have never asked for an OTP and rely on basic card information, which is easily available through various means (e.g. carding and phishing).
NPCI claims that its systems were not compromised. However, the sheer fact that numerous transactions were initiated from outside India, together with the failure to generate an OTP for these extra-territorial transactions on Indian-origin cards, is in itself a breach and lays bare the fact that the processes presently implemented to safeguard the systems are inadequate.
Furthermore, there has been an increase in attacks on SWIFT systems in the past few years, which calls for a complete revamp of the existing security mechanisms implemented for SWIFT transactions.
The banking industry will have to address these existing security flaws to ensure that such attacks are averted and banking consumers are protected.
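The cash-out pattern described above (thousands of ATM withdrawals fanned out over many countries within a few hours) can be caught on the issuer side with a sliding-window check across all of the bank's cards. The following is an added example, not code from eScan or the bank; the thresholds, the one-hour window, the country codes and every transaction in it are constructed assumptions.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

def detect_cashout(txns, window=timedelta(hours=1), max_countries=10, max_txns=200):
    """Scan issuer-wide ATM withdrawals (timestamp, country, amount_inr) and
    return the first sliding-window alert, or None if the thresholds hold."""
    recent, countries, total = deque(), Counter(), 0
    for ts, country, amount in sorted(txns):
        recent.append((ts, country, amount))
        countries[country] += 1
        total += amount
        # Drop withdrawals that have aged out of the window.
        while ts - recent[0][0] > window:
            _, old_country, old_amount = recent.popleft()
            countries[old_country] -= 1
            if countries[old_country] == 0:
                del countries[old_country]
            total -= old_amount
        # Alert on geographic spread or on raw volume (assumed thresholds).
        if len(countries) > max_countries or len(recent) > max_txns:
            return {"at": ts, "txns": len(recent),
                    "countries": len(countries), "amount_inr": total}
    return None

BASE = datetime(2000, 1, 1)  # constructed date, not the incident date

def baseline():
    # Constructed normal traffic: one withdrawal every 10 minutes, 3 countries.
    return [(BASE + timedelta(minutes=10 * i), ("IN", "AE", "SG")[i % 3], 5000)
            for i in range(144)]

def burst():
    # Constructed burst from 15:00: 12000 withdrawals, 28 placeholder country codes.
    start = BASE + timedelta(hours=15)
    return [(start + timedelta(seconds=2 * i), f"C{i % 28:02d}", 65000)
            for i in range(12000)]

if __name__ == "__main__":
    print("baseline only:", detect_cashout(baseline()))
    print("with burst:   ", detect_cashout(baseline() + burst()))
```

On this constructed feed the country-spread rule fires within seconds of the burst starting, long before the volume rule would, which is why per-card limits alone do not surface this kind of attack.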