Indian Bank Loses $13.5m in Global Attack

An Indian bank has lost nearly 944m rupees ($13.5m) after hackers withdrew the funds from ATMs around the world and made other fraudulent SWIFT transfers.

Pune-headquartered Cosmos Bank claimed the attackers first stole customer information by installing malware on the firm’s ATM server, before conducting the globally co-ordinated withdrawals in 28 countries on August 11.

An alert from the FBI warned unnamed banks on Friday of an imminent “global Automated Teller Machine (ATM) cash-out scheme” but was unable to halt the sophisticated plot.

“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” it noted. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”

The self-styled “leading co-operative bank in India” was also hit by three unauthorized transfers via SWIFT to a Hong Kong company’s account worth 139m rupees ($2m).

The lender claimed that the hackers managed to bypass the main switching system used for debit card payments.

“During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system,” it said in a press release seen by Reuters.

The case will bring to mind a series of high-profile raids on financial institutions over the past few years, many of them involving the SWIFT interbank transfer network.

Tamil Nadu-headquartered City Union Bank was targeted in February, when an alleged international group of hackers tried to make $2m worth of illegal transfers, although they only succeeded in getting half of that.

The run of attacks on lenders began with a major $81m raid on Bangladesh Bank back in 2016 which was subsequently blamed on the infamous North Korea-linked Lazarus Group.

What’s Hot on Infosecurity Magazine?