Incident Of The Week: Indian Bank Loses $13.5M In Costly Cyber-Attack

Cosmos Bank Heist Came Via Simultaneous Withdrawals



Dan Gunderman
08/17/2018

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. Cyber Security Hub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a cyber-attack on an Indian bank that found nefarious actors lifting 944 million rupees, or $13.5 million.

The heist, at India’s Cosmos Bank in the nation’s western city of Pune, came via simultaneous withdrawals across 28 countries on Aug. 11, according to Reuters.

The attack method is believed to be malware injected on the automated teller machine (ATM) server, resulting in nearly 15,000 transactions in a little over two hours.

Reuters reports that the responsible hacker(s) also shifted 139 million rupees to the account of a Hong Kong-based company, using the SWIFT global payments network to do so. Information about the transaction comes from a police complaint viewed by the media outlet.


In a statement on the cyber incident, Cosmos Bank said a “switching system” used to process debit card payments was circumvented in the attack. The institution stated: “During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system.”

Law enforcement is now involved with the investigation. Experts are attempting to determine how the authorized payments were carried out simultaneously.
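
The pattern described above (a burst of approved withdrawals spread across many countries in a short time) is something a card issuer can alert on. The following Python is an added example, not code from the article, Cosmos Bank or Reuters; the log format, country labels and thresholds are all constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions, not figures from the article or the bank).
WINDOW = timedelta(minutes=10)
MAX_APPROVALS = 20   # approved withdrawals tolerated per window
MAX_COUNTRIES = 3    # distinct acquiring countries tolerated per window


def parse(line):
    """Parse a constructed log line: 'ISO-timestamp country card-id decision'."""
    ts, country, card, decision = line.split()
    return datetime.fromisoformat(ts), country, card, decision


def detect_bursts(lines, window=WINDOW, max_approvals=MAX_APPROVALS,
                  max_countries=MAX_COUNTRIES):
    """Return one (timestamp, approvals, countries) alert per threshold crossing."""
    recent = deque()   # (timestamp, country) of approvals still inside the window
    alerts, alerting = [], False
    for line in lines:
        ts, country, _card, decision = parse(line)
        if decision != "APPROVED":
            continue
        recent.append((ts, country))
        while ts - recent[0][0] > window:   # drop approvals older than the window
            recent.popleft()
        countries = {c for _, c in recent}
        over = len(recent) > max_approvals or len(countries) > max_countries
        if over and not alerting:           # alert once, on the rising edge
            alerts.append((ts, len(recent), sorted(countries)))
        alerting = over
    return alerts


def sample_log():
    """Constructed sample: sparse domestic activity, then a multi-country burst."""
    start = datetime(2018, 1, 1, 9, 0, 0)
    lines = [f"{(start + timedelta(minutes=15 * i)).isoformat()} HOME card{i} APPROVED"
             for i in range(8)]
    burst = start + timedelta(hours=3)
    for i, country in enumerate(["HOME", "C01", "C02", "C03", "C04", "C05"] * 5):
        when = (burst + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{when} {country} card{100 + i} APPROVED")
    return lines


if __name__ == "__main__":
    for ts, count, countries in detect_bursts(sample_log()):
        print(f"{ts.isoformat()} ALERT approvals={count} countries={countries}")
```

In the incident as reported, the approvals were passed by a proxy switch, so a check like this only helps if it reads records from a point the attacker does not control.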

A similar attack using the SWIFT network – amounting to $2 million – hit India’s City Union Bank Ltd. in February. Bangladesh’s central bank also fell victim to a sizable cyber-attack ($81 million) in 2016; in that instance nefarious actors targeted the bank’s account at the Federal Reserve Bank of New York.

The financial industry is among the hardest hit in terms of cyber-attacks, as those institutions with lax controls can hemorrhage customer finances with relative ease.



In a piece entitled “Financial Sector Security Remains At Forefront, Will Steer Cyber Policy,” the Cyber Security Hub previously wrote: “Banking, financial services and insurance (BFSI) cyber security controls have blazed trails for the wider industry, while remaining firmly beneath the microscope of today’s practitioners. Seismic shifts within BFSI security have often reflected into the wider plain; and that’s not something the industry takes lightly.”

What’s more, in a Computer Weekly piece at the same time, Deloitte partners Stephen Bonner and Nick Seaver called the financial sector a sort of “bellwether” for industry activity. According to the partners, financial happenings and the patterns around them are relevant to everyone.

Bonner previously told delegates at the 2018 IISP Congress in London that, “We think financial services is the canary in the coalmine.”

Case in point: A suspicious cyber-attack reportedly siphoned 300 million pesos ($15.33 million) from five companies (three banks, a broker and a credit union) in Mexico this May.

What’s more, earlier this year, the Cyber Security Hub also reported on a string of apparent distributed denial-of-service (DDoS) attacks that struck Dutch banks, along with the nation’s tax office.

As expected, the financial industry remains the space’s most highly visible target, and its controls and regulations also help steer wider cyber policy. It’s likely that dynamic will continue for the foreseeable future.
