Cosmos is one of the oldest cooperative banks
in the country, established in 1906.
The investigation being conducted by the cyber cell of Pune police will get technical support from the Maharashtra Computer Emergency Response Team, which is also conducting a parallel probe.
According to sources, hackers transferred Rs 805 million from bank accounts at Cosmos Bank to a foreign bank in 14,849 separate transactions through debit cards. Then, they conducted another attack to steal Rs 139 million through the SWIFT network.
The bank’s VISA and RuPay debit card systems, supported by the National Payments Corporation of India, were also compromised. The personal and financial information of about 500 customers was stolen. Police officers said this number could rise. The bank has shut down its internet banking operations and website.
The police officer said, “Based on the transactions, the origin of the attack is Hong Kong. We are studying the malware to see where else it could have been introduced and which institution might be attacked next.”
Experts said banks
needed to be better prepared to deal with such malware campaigns. “Malwares used in cyberattacks now are fairly advanced and have the ability to suppress alerts. Banks
need to have end-to-end cyber security to prevent such attacks,” said Siddharth Vishwanath, partner and cybersecurity advisory leader at PwC India.
He added that larger banks had a more elaborate cybersecurity, but smaller, cooperative banks did not.
The Reserve Bank of India (RBI) has instituted a clear cybersecurity framework for financial institutions. A quick look shows this is addressed only to scheduled commercial banks (and rural banks), non-banking financial companies, small finance
banks and payments banks. There is no specific cyber-security guideline for cooperative banks.
For instance, the guidelines call for all commercial banks to have a board-approved cyber-security policy. A chief information security officer should be appointed to the board and a clear cyber crisis management plan should be put in place, in addition to information and data security.
Experts, both in the private sector and in the police, said it would usually take between one to three weeks to conduct a thorough analysis of the attack to understand how it was done. However, even after identifying the source and origin of the attack, the legal proceedings were extremely difficult, time-consuming, and involved other jurisdictions.
In March 2017, Quick Heal Technologies notified bank management of the vulnerability on its website. In its report, Quick Heal said banks must update their “Windows Operating Systems with the latest security patches and use security solutions.”
Most cyberattacks or hacks take place because of the lax attitude from institutions when it comes to ensuring their computer networks are secured and are updated with the latest operating systems and security protocols.
PwC’s Vishwanath said while an information technology or security audit was required across the cooperative banking industry that was only a step in addressing the larger problem of a fundamental under-investment in cybersecurity solutions.