
Cosmos Bank Cyber Attack Case Study

1. In August 2017, hackers breached Cosmos Bank's server in Pune, stealing debit card details and carrying out over 12,000 fraudulent transactions across 28 countries totaling Rs. 94 crore.
2. The hackers were able to clone card details and transfer Rs. 78 crore out of India on August 11th. Another malware attack on August 13th resulted in a SWIFT transaction transferring funds to an account in Hong Kong.
3. As a result of the attacks, Cosmos Bank closed all ATM operations and online/mobile banking and filed police reports, realizing the scope of the cyber attacks.

Uploaded by

Emi Mahiban
Cosmos Bank Private Ltd., Pune.
https://economictimes.indiatimes.com/industry/banking/finance/banking/cosmos-banks-server-hacked-rs-94-crore-siphoned-off

Malware attack on the bank’s server

In August this year, Cosmos Bank became the latest victim of a major cyber-attack. Hackers breached the bank’s ATM switch server in Pune, stealing details of multiple Visa and RuPay debit card owners. The details were then used to carry out around 12,000 fraudulent transactions across 28 countries on August 11 – with a further 2,841 transactions taking place in India.

The attack didn’t stop here. Two days later, on August 13th, in another malware attack on the bank’s server, a SWIFT transaction was initiated – transferring funds to the account of ALM Trading Limited in Hang Seng Bank, Hong Kong.

The total losses from the attack stand at INR 94 crore, or 13.5 million USD. Cosmos Bank was forced to close its ATM operations and suspend online and mobile banking facilities.

The Cosmos Co-operative Bank Ltd. (Cosmos Bank), established in 1906, is one of the
oldest Urban Co-operative Banks in India. ...

The bank is headquartered in Pune at its Corporate Office, Cosmos Tower, on Ganeshkhind Road, Shivajinagar, Pune.

Headquarters: Pune, India


Products: Commercial Banking; Retail Banking; ...
Industry: Banking; Financial services

Timeline: Cosmos Bank Cyber Attack

1. On August 11, the hackers cloned the card details and did over 12,000 transactions and transferred ₹ 78 crore out of India.
2. The fraudulent transactions were carried out on 11 August and 13 August 2017 through 25 ATMs located in Canada, Hong Kong and a few in India (10.00 PM IST).
3. A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach on 14 August 2017 (4.00 AM IST).
4. As a precautionary measure, the bank has closed all its servers and net banking facilities, according to the official (14 Aug. 5.00 AM IST).
5. Realising the cyber attack, the bank then registered an FIR with the Chatushringi police station on 14 August 2017 (6.00 AM IST).

Vulnerabilities

Overall Summary
The bank’s software and infrastructure were not fully updated. Most of the data was saved on an on-premises server. The file server patch was not installed, though it was scheduled. Lack of communication between the different IT departments made the situation worse. The IT security team was not fully equipped and trained to stop this kind of attack. Users were not properly educated to protect their personal information.

Vulnerability #1
Infrastructure was not fully updated.

Vulnerability #2
Multi-Factor Authentication was not enabled for users.

Vulnerability #3
iManage/File site patch was not installed.

Vulnerability #4
Lack of training and education in IT security for the team and users.

Costs

• The total losses from the attack stand at INR 94 crore, or 13.5 million USD. Cosmos Bank was forced to close its ATM operations and suspend online and mobile banking facilities.

Prevention

• Back up data regularly – verifying data integrity and testing the restoration process
• Secure your offline backups – ensuring backups are not connected permanently to the computers and networks they’re backing up
• Audit firewalls, servers and Intrusion Prevention System (IPS) configurations – block access to known malicious IP addresses and Server Message Block (SMB) ports 139 and 445, and disable SMBv1 and Windows Management Instrumentation Command Line (WMIC) in servers and Active Directory (AD)
• Patch operating systems, software and firmware on devices – use a centralised patch-management system
• Scan all incoming and outgoing emails – detect threats and filter executable files from reaching end users using sandboxing
• Enable strong spam filters to prevent phishing emails – authenticate inbound email using technologies such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent spoofing
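
The last prevention item depends on SPF and DMARC records that actually enforce something. The Python below is an added example, not part of the original case study: it grades the TXT records a domain publishes and lists the gaps. The domains, records and function names are constructed for illustration, and no DNS lookups are made.

```python
# Added example: grades SPF and DMARC TXT records for spoofing resistance.
# All domains and records below are constructed; nothing is fetched from DNS.
def grade_spf(txt_records):
    """Return findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF missing: receivers cannot tell which hosts may send"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation fails with permerror"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    final = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not final:
        redirected = any(t.startswith("redirect=") for t in terms)
        return [] if redirected else ["SPF has no 'all' term: result is neutral"]
    # A bare "all" has the default "+" qualifier.
    qualifier = final[0][0] if final[0][0] in "+-~?" else "+"
    weak = {"+": "SPF '+all' authorises every sender",
            "?": "SPF '?all' is neutral: spoofed mail is not failed",
            "~": "SPF '~all' is softfail: enforcement depends on DMARC"}
    return [weak[qualifier]] if qualifier in weak else []

def grade_dmarc(txt_records):
    """Return findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records
            if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not recs:
        return ["DMARC missing: SPF/DKIM failures trigger no policy"]
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    policy, pct = tags.get("p", "").lower(), tags.get("pct", "100")
    findings = []
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC p={policy or 'unset'}: monitoring only")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC pct={pct}: policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC has no rua: no aggregate reports are received")
    return findings

SAMPLE = {  # constructed: domain -> (apex TXT records, _dmarc TXT records)
    "bank.example": (["v=spf1 ip4:192.0.2.0/24 -all"],
                     ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"]),
    "weak.example": (["v=spf1 include:_spf.mail.example ~all"], ["v=DMARC1; p=none"]),
    "open.example": (["v=spf1 +all"], []),
}
def audit(zone):
    return {d: grade_spf(s) + grade_dmarc(m) for d, (s, m) in zone.items()}
```

Calling `audit(SAMPLE)` returns an empty list for the enforcing domain and the specific gaps for the other two.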
