Indian Bank Loses $13.5m in Global Attack: An Indian bank has lost over 944m rupees ($13.5m) after the hackers withdrew the funds from ATMs around the world and made other fraudulent SWIFT transfers.
Pune-headquartered Cosmos Bank claimed that the attackers have first stolen the customer information by installing the malware on the ATM server, before conducting the globally coordinated withdrawals in 28 countries on August 11.
R E A D M O R E
Alert from FBI warned unnamed banks on Friday of an imminent “global Automated Teller Machine (ATM) cash-out scheme” but was unable to halt the sophisticated plot.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” it noted. “The FBI expects the ubiquity of this activity to continue or possibly increase the near future.”
The self-styles “leading co-operative bank in India” was also hit by three unauthorized transfers via SWIFT to a Hong Kong company’s account worth 139m rupees ($2m).
The lender claimed that the attackers have successfully bypass the main switching system that was used for debit card payments.
“During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system,” it is said in press release seen by Reuters.
This case will for sure bring high profile raids on financial institutions over the past few years, many of which do involve the SWIFT interbank transfer network.
Tamil Nadu-headquartered City Union Bank was targeted in February, when an alleged international group of hackers tried to make $2m worth of illegal transfers, although they only succeed in getting half of that.
The run of attacks on lenders started with a major $81m raid on Bangladesh Bank back in 2016 which was subsequently blamed on the infamous North Korea-linked Lazarus Group.