Cosmos Bank, a co-operative bank based in India with a history of more than 100 years, was hit by a globally coordinated attack between August 11th and August 13th. The attackers appear to have coordinated with what is suspected to be several individuals to siphon $13.4 million (Rs 94 crore).
Although many details of the incident are not confirmed, reporting so far indicates that over 14,000 ATM transactions across 28 countries, suspected of having been used to steal Rs 78 crore from the bank, are under investigation. The ATM transactions took place in various countries such as Canada, Hong Kong, and India. Additionally, around Rs 13.92 crore ($1.8 million) was transferred to Hong Kong on August 13th using fraudulent transactions targeting the SWIFT system the bank uses for financial transactions.
It is unconfirmed but suspected that the attackers may have compromised the firewall that protects the servers that authorize ATM transactions. There may have been some type of setup or redirection that allowed ATM withdrawals to proceed without actually checking whether the cards being used were genuine. The bank has alerted the authorities and a police investigation is taking place.
Please note that the level of complexity and coordination in this attack is extremely advanced. The coordinated withdrawals from ATMs all over the world likely indicate that several individuals were involved in this particular campaign.
Proficio Threat Intelligence Recommendations:
- Monitor government agencies for intelligence around global hacking campaigns that may affect the organization
- Validate, through organized penetration testing, that the infrastructure that processes SWIFT transactions and ATM withdrawals cannot be hacked