Hackers planted malware on an automated teller machine (ATM) server belonging to an Indian bank as part of a criminal scheme which saw the theft of nearly 944 million rupees (US $13.5 million) in a co-ordinated attack across 28 countries last weekend.
India’s Cosmos Bank, based in the western city of Pune, suffered an attack which saw hackers use malware to steal customer information from the company’s ATM server, and then use that data to clone thousands of Visa and RuPay debit cards.
The debit cards were then used over the course of the weekend in a number of countries including Canada, Hong Kong, and India. In all, 14,859 transactions were made at cash machines – stealing a total of 805 million rupees.
To add insult to injury, the hackers also transferred 139 million rupees to a Hong Kong-based bank account by ordering three unauthorised transactions over the SWIFT inter-bank communication network.
SWIFT (the Society for Worldwide Interbank Financial Telecommunications) is the system that is normally used by banks to send money securely to each other around the world.
However, in recent years cybercriminals have targeted the finance industry’s use of SWIFT in attempts to steal large amounts of money. Perhaps the most notorious incident occurred in February 2016, when hackers attempted to transfer $951 million from a Bangladesh bank to accounts in the Philippines, successfully making off with a (still impressive) $81 million.
Cosmos Bank told the press that the attackers managed to bypass a debit card payment request “switching system” used by its main banking software during the attack:
“During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system.”
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/hackers-indian-bank-attack/