TARGET – Cosmos Global Bank Hack

Cosmos Bank, a co-operative bank based in India with a history of over 100 years, was hit with a globally coordinated attack between August 11th and August 13th. Attackers appeared to coordinate with what is suspected to be several individuals to siphon $13.4 million (Rs 94 crore).

Although many details of the incident are not confirmed, reporting so far indicates that over 14,000 ATM transactions across 28 countries, suspected of being used to steal Rs 78 crore from the bank, are under investigation. The ATM transactions took place in various countries such as Canada, Hong Kong, and India. Additionally, around Rs 13.92 crore ($1.8 million) was transferred on August 13th to Hong Kong using fraudulent transactions targeting the SWIFT system the bank uses for financial transactions.

It is unconfirmed but suspected that the attackers may have compromised the firewall that protects the servers that authorize ATM transactions. There may have been some type of setup or redirection that allowed ATM withdrawals without actually checking whether the cards being used to make the withdrawals were genuine. The bank has alerted the authorities and a police investigation is taking place.

Please note that the level of complexity and coordination for this attack is extremely advanced. The coordinated withdrawals from ATMs all over the world would likely indicate the presence of several individuals involved with this particular campaign.

Proficio Threat Intelligence Recommendations:

  • Monitor government agencies for intelligence around global hacking campaigns that may affect the organization.
  • Validate, through organized penetration testing, that the infrastructure that processes SWIFT transactions and ATM withdrawals cannot be hacked.
TARGET: Two Major Canadian Banks Breached

Two Canadian banks claim to have been breached by attackers this week. Simplii Financial, which is owned by CIBC, has claimed that it may have lost personal and account information for over 40,000 bank customers. The Bank of Montreal then followed this news by claiming that it too had been breached and lost up to 50,000 individuals’ personal and account information.

The attackers had tipped off both banks that they possessed the data and threatened to take the information public if they were not paid one million dollars' worth of cryptocurrency each. Based on the nature of the situation, both banks decided to go public and not give in to the attackers’ demands.

The attackers’ actions are unusual compared to the recent trend of events. Most recent “ransom” attacks have involved gaining control of assets within an organization and then encrypting the contents held within those assets using ransomware. In this particular attack, the attackers attempted to blackmail the banks by threatening to release information regarding the breach if the banks did not pay up.

The method by which the banks were breached is unknown at this time. It is suspected that the attackers may have targeted some type of account reset feature held on servers that store user account information. They may have then used an application that had some type of algorithm that could access bank account numbers and then systematically pull user account information.

Proficio Threat Intelligence Recommendations:

  • Ensure the application security of password reset features on relevant applications.
  • Enforce strict access controls and monitoring against assets that hold personal user information, especially banking applications that may hold bank account information.
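
One way to monitor a reset feature for the systematic account access suspected above, as an added example that is not from the original post or from Proficio. The log format, thresholds and addresses are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, client address,
# account number named in the reset request.
SAMPLE_LOG = "\n".join(
    # One client walking consecutive account numbers, one request per second.
    [f"2024-01-01T10:00:{i:02d} 198.51.100.7 {40010000 + i}" for i in range(12)]
    # Ordinary customers: a retry on the same account, and a single request.
    + ["2024-01-01T10:00:05 203.0.113.20 51234567",
       "2024-01-01T10:03:10 203.0.113.20 51234567",
       "2024-01-01T10:01:00 203.0.113.31 48880012"]
)

def parse(log):
    """Yield (time, source, account) from whitespace-separated log lines."""
    for line in log.strip().splitlines():
        ts, src, acct = line.split()
        yield datetime.fromisoformat(ts), src, acct

def sequential_share(accounts):
    """Fraction of neighbouring account numbers that differ by exactly 1."""
    nums = sorted({int(a) for a in accounts if a.isdigit()})
    if len(nums) < 2:
        return 0.0
    return sum(b - a == 1 for a, b in zip(nums, nums[1:])) / (len(nums) - 1)

def find_enumeration(log, window_s=300, max_accounts=5):
    """Map each source that requested resets for more than max_accounts
    distinct accounts inside window_s seconds to (peak count, sequential share)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> (time, account) pairs in the window
    flagged = {}
    for ts, src, acct in sorted(parse(log)):
        q = recent[src]
        q.append((ts, acct))
        while ts - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        accounts = {a for _, a in q}
        if len(accounts) > max_accounts and len(accounts) > flagged.get(src, (0,))[0]:
            flagged[src] = (len(accounts), sequential_share(accounts))
    return flagged

if __name__ == "__main__":
    for src, (count, share) in find_enumeration(SAMPLE_LOG).items():
        print(f"{src}: {count} accounts in window, {share:.0%} sequential")
```

A high sequential share separates generated account numbers from a shared address, such as a branch or carrier gateway, where many customers legitimately reset unrelated accounts.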