Pierluigi Paganini August 17, 2018

Cosmos Bank, one of the largest Indian cooperative banks, confirmed it was the victim of a cyberheist, over the weekend hackers stole over 940 million rupees ($13.5 million) in three days.

Hackers stole over 940 million rupees ($13.5 million) in three days from the Indian cooperative Cosmos bank. The Cosmos bank publicly disclosed the attacks in a press conference on Tuesday, according to the financial institution, the hackers stole the funds in three attacks using a malware.

“Hackers managed to siphon off over Rs 94 crore through a malware attack on the server of Pune-based Cosmos Bank and cloning thousands of the bank’s debit cards over a period of two days, a top official said.” reports the economictimes.indiatimes.com.

According to Cosmos Bank chairman Milind Kale, the attack was launched from Canada, but likely the country was used as a relay for the attack.

The first two security breaches occurred on August 11 when hackers withdrew 805 million rupees ($11.4 million) through 14,849 ATM transactions across 28 countries.

“The fraudulent transactions were carried out on August 11 and August 13 and the malware attack by the hackers originated in Canada, Cosmos Bank chairman Milind Kale told reporters here today.”

“In two days, hackers withdrew a total Rs 78 crore from various ATMs in 28 countries, including Canada, Hong Kong and a few ATMs in India, and another Rs 2.5 crore were taken out within India,” he said. 

“On August 13, hackers again transferred Rs 13.92 crore in a Hong Kong-based bank by using fraudulent transactions.”

In the first wave of attacks, crooks stole 780 million rupees ($11 million) through 12,000 ATM withdrawals via the VISA card system. Most of the fraudulent transactions were made overseas.

The second wave of attacks was launched two hours later, cybercriminals withdrew an additional 25 million rupees ($400,000) via 2,849 ATM transactions via the Rupay debit card system at ATM locations across India.

The good news is that the Cosmos Bank detected the fraudulent transactions and halted them, but its staff was not able to lock out the attackers.

On Monday, August 13, the hackers launched a third wave of attacks targeting the SWIFT system. Crooks made three fraudulent transactions to a bank account in Hong Kong for a total of Rs 13.92 crore rupees ($1,8 million).

The good news is that money wasn’t stolen from customer accounts, the bank reported the incident to the authorities and it is currently investigating the attacks with the support of a forensic agency.

“On Saturday afternoon, the bank came to know about malware attack on its debit card payment system and it was observed that unusual repeated transactions were taking place through Visa and Rupay cards used at various ATMs for nearly two hours,” Kale added. 

Crooks used a “parallel” or proxy switch system while cloning the cards, all the fraudulent payment approvals were passed by this proxy mechanism.

Anyway, Kale confirmed that the core banking system was not affected by the malware attack.

Stay tuned…

Pierluigi Paganini

(Security Affairs – Cosmos Bank, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]