India’s Cosmos bank suffers global ATM cash-out attack

India’s Cosmos cooperative bank has suffered a major global ATM cash-out attack losing Rs 94.42 crore (Euro 12 million approx) in 14,849 transactions between 11 August and 13 August 2018.  The illicit ATM withdrawals took place in at least 28 countries.

On 11 August hackers are believed to have stolen information of the bank’s Visa and Rupay card customers through a malware attack on its ATM (switch) server which led to an initial loss of Rs 80 crore.  According to local police 12,000 transactions were made using Visa cards, which saw Rs 78 crore illegally withdrawn from ATMs in 28 countries, while a further Rs 2 crore were transferred through 2,489 Rupay card transactions in India.

In a second attack on 13 August the hackers initiated SWIFT transactions and transferred Rs 13.92 crore to an account in a Hong Kong-based bank, from where the money was quickly withdrawn.

Cosmos Bank Chairman Milind A. Kale said  “We suspect the malware attack to be done from Canada. The money was withdrawn from ATM machines from 28 countries through around 12,000 international transactions and around 2,849 domestic transactions. The transactions were carried out using fake debit cards. The deposit of account holders is safe and intact. However, as a precautionary measure, we have stopped the online system for two days.”

This attacks comes just days after the US Federal Bureau of Investigation (FBI) issued a confidential alert, warning that cyber criminals were planning an unlimited global ATM cash-out operation.  More details of this can be found on the website Krebs On Security

EAST has worked with Europol to produce guidance and recommendations to counter logical attacks on ATMs, which are now available in four languages. These guidelines are under review and an updated version is expected to be released later this year.