Receive our newsletter – data, insights and analysis delivered to you
  1. News
August 16, 2018

India’s Cosmos Bank hit by $13.4m fraud

India’s Cosmos Co-operative Bank (Cosmos Bank) has lost INR940m ($13.4m) to cyber attacks conducted over two days.

The attack is reported within days of FBI warning of possible global heist through ATM cash-out scheme.

According to the FIR filed by the Cosmos Bank, the cyber attack, conducted on 11 August and 13 August, breached the bank’s server that authorised the ATM transactions.

Subsequently, the hackers created a proxy server to authorise fake transactions with cloned ATM cards.

The transfer of funds was carried out through ATMs located across 28 countries including India, Hong Kong and Canada.

According to local media sources, the fraudsters transferred INR805m in 14,849 separate transactions, while the remaining amount was siphoned through the SWIFT network.

A police officer who is investigating the heist told “Based on the transactions, the origin of the attack is Hong Kong. We are studying the malware to see where else it could have been introduced and which institution might be attacked next.”

Following the attack, Cosmos Bank has closed its internet banking services.

The attack may have also compromised the personal details of nearly 500 customers, a figure which is anticipated to rise.

Established in 1906, Cosmos Bank is one of the oldest urban co-operative banks in India.

In June, the central bank of the country, Reserve Bank of India (RBI), issued an order to upgrade ATMs with new software by June 2019.

Most of the ATMs in the country are still using old operating systems making them more vulnerable to cyber attacks.

Topics in this article: ,
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday. The industry's most comprehensive news and information delivered every month.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy