[Aug 16, 2018]
Hackers siphoned off more than Rs 94 crore by hacking into the switch server of Pune-based Cosmos Bank by cloning Visa and RuPay debit cards between August 11 and August 13.
The details were used to carry out around 12,000 transactions worth Rs 78 crore in 28 countries on August 11. In India, 2,841 transactions worth Rs 2.50 crore were carried out.
The attack did not stop here. On August 13, in another malware attack on the bank’s server, a SWIFT transaction was initiated and Rs 14.42 crore was transferred to the account of ALM Trading Limited in Hanseng Bank, in Hong Kong.
Payment experts say the fraud involved breaching the firewall in servers that authorize ATM transactions.
After this, a proxy server was created and transactions authorized by the fake or proxy server.
This meant that the ATMs were being directed to release money without checking whether the cards were genuine or or whether there was a bank account.
Cyber Security Tips: (For Banks)
- Banks should have a two factor authentication of login in their application server which will help negate insider job in case of a hacking.
- A vulnerability assessment by bank every three months is a must. Another step suggested for web-based applications is penetration test to check what the loopholes are and how vulnerabilities are used to exploit the system.