Cosmos Bank, known as India’s second-largest cooperative bank, has been breached by hackers, and a total of 940 million rupees, or $13.5 million, were stolen. More specifically, attackers stole customer details via a malware attack on the bank’s ATM servers, and succeeded in transferring money to a Hong Kong-based company’s account.
The hack is still under investigation, and the exact time of the intrusion hasn’t been specified yet. However, representatives of the bank have said that the attack on the bank’s accounts happened in three stages, in the range of three days.
More about the Attack on Cosmos Bank
Cosmos bank said unidentified hackers stole customer information through a malware attack on its automated teller machine (ATM) server, withdrawing 805 million rupees in 14,849 transactions in just over two hours on Aug. 11, mainly overseas, Reuters recently reported.
In addition to the ATM attack, the hacking group also transferred 139 million rupees to a Hong Kong-based company’s account by issuing three unauthorised transactions over the SWIFT global payments network.
Cosmos Bank, which is based in the western city of Pune, officially stated that its main banking software receives debit card payment requests via a “switching system”. Unfortunately, the system was bypassed in the attack. “During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system,” the statement said.
Three Stages of the Attack
As mentioned in the beginning, the attack on Cosmos bank unfolded in three stages.
The first stage involves 12,000 withdrawals via the VISA card system which led to the theft of 780 million rupees ($11 million). Most of these transactions happened mainly overseas. The bank, however, hasn’t specified where exactly.
The second wave of the attack was initiated two hours later when cybercriminals withdrew an additional amount of 25 million rupees ($400,000) via 2,849 ATM transactions based on the Rupay debit card system at ATM locations across India.
After the completion of the first stages, hackers remained in the bank’s network. On Monday, August 13, a third theft took place via the bank’s SWIFT inter-banking system. Attackers successfully initiated three transactions to a bank account in Hong Kong for another 139 million rupees ($2 million).
The bank says that the money wasn’t stolen from customer accounts, and that all losses will be supported by the bank, in accordance with international banking standards.
The technical aspect of the hack is still being investigated. For now it is known that hackers used the so-called proxy switch to funnel fraudulent payment approvals. As to who is responsible for the attack on Cosmos Bank, evidence suggests that the attack came from Canada. However, it is more likely that attackers have masked their real location.
It is interesting to note that security researcher Brian Krebs recently reported that the FBI is warning banks of cybercriminals about to carry out a “highly choreographed, global fraud scheme known as an “ATM cashout,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours”.