India’s Cosmos Cooperative Bank In Hot Water After Online Theft

The NPCI (National Payments Corporation of India) has blamed the Cosmos Cooperative Bank for the ₹94.42 Crore theft due to a cyber attack. Cybercriminals had successfully transferred ₹94.42 Crore using a cloned debit cards of the bank’s depositors between August 11 and 13, 2018. “The NPCI’s systems are fully secure and this particular issue has occurred within the (Cosmos Bank’s) own IT environment. This has happened due to a malware-based attack on the bank’s IT system which has caused a fraud. Under the attack, maximum transactions have been reported from outside India. We wish to reiterate that our systems are fully secure, and we are monitoring the situation continuously,” said Bharat Panchal, Head Risk Management of NPCI.

NPCI has stood their ground for claiming that the issue is not caused by them, and they have monitored the suspicious bank transactions within the legal responsibility of Cosmos Cooperative Bank. The cyber attack happened in two stages, the first stage cost the bank a ₹80.50, apparently from multiple atm card swipes in 28 countries. The second wave of bank transfers to the tune of ₹13.92 crore happened as well, also using quick transactions through debits.

According to Milind Kale, Chairman of Cosmos Cooperative Bank, while the bank gateways were being hacked, the cybercriminals mobilize their teams from 28 countries to simultaneously withdraw the money, many are in small amounts to bypass the automatic red flags. The bank is one of the oldest cooperative banks in India, as an aftermath all of their ATMs in India were deliberately taken offline to prevent further unauthorized withdrawals.

The Indian banking sector is cautioned by authorities and highly advised to secure their infrastructure to prevent a repeat of the incident. The Reserve Bank of India has directed Indian banks to remove Windows XP and other obsolete software from their ATM fleet. Many banks are still using Windows XP for their ATMs, while the OS has been in unsupported status for four years, since 2014. At its current rate, 30% of all India’s ATMs are still running the old Windows XP operating system, an oasis for all hackers to take advantage of.

“Banking institutions are vulnerable to cyberattacks. Continuous monitoring, surveillance and incident response teams deployed on standby can be beneficial in preventing large-scale attacks,” explained Jayant Saran of Deloitte India.