Presentation on Cosmos Bank cyber attack

Presented by: Anuj Jain

Cosmos Bank
• The Cosmos Co-operative Bank Ltd. (Cosmos Bank), established in
1906, is one of the oldest Urban Co-operative Banks in India.
• It is one of the first co-operative banks in the country to
implement a core banking system (CBS) across the entire network.
• The bank is headquartered in Pune in its Corporate Office at
Cosmos Tower.
About the attack
• Malware attack

• The bank faced a cyber-attack on its ATM infrastructure on
11th August 2019 and again on its SWIFT infrastructure on 13th
August 2018.

• This was the biggest, most damaging and well-planned attack
in the history of the banking industry.
How was the attack carried out?

• The core banking system of the bank receives debit card payment requests via a ‘switching
system’. During the malware attack, a proxy switch was created and all the fraudulent
payment approvals were passed by the proxy switching system.

• When depositors withdraw money at ATMs, a request is transferred to the respective
bank’s CBS. If the account has sufficient balance, the CBS will allow the transaction. In the
case of Cosmos Bank, the malware created a proxy system that bypassed the CBS.

• By cloning the cards and using a parallel or proxy switch system, the hackers were able
to approve the requests.
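
One way to detect the bypass described above is to reconcile approvals seen on the card network or settlement side against the CBS's own authorization log: an approval the CBS never made points to a parallel switch. This is an added example, not part of the original presentation; the record fields (keyed by retrieval reference number, "rrn") and all sample data are constructed assumptions.

```python
from collections import Counter

# Constructed sample records (not real data); field names are assumptions.
# Approvals as reported by the card network / settlement side.
NETWORK_APPROVALS = [
    {"rrn": "000001", "card": "C1", "amount": 10000, "country": "IN"},
    {"rrn": "000002", "card": "C2", "amount": 20000, "country": "CA"},
    {"rrn": "000003", "card": "C2", "amount": 20000, "country": "HK"},
    {"rrn": "000004", "card": "C3", "amount": 5000, "country": "IN"},
]
# Authorization decisions actually logged by the core banking system.
CBS_AUTH_LOG = [
    {"rrn": "000001", "card": "C1", "amount": 10000, "decision": "APPROVE"},
    {"rrn": "000004", "card": "C3", "amount": 5000, "decision": "DECLINE"},
]

def reconcile(approvals, cbs_log):
    """Return every network-side approval the CBS did not itself approve."""
    cbs = {rec["rrn"]: rec for rec in cbs_log}
    findings = []
    for appr in approvals:
        rec = cbs.get(appr["rrn"])
        if rec is None:
            reason = "no CBS record"          # request never reached the CBS
        elif rec["decision"] != "APPROVE":
            reason = "CBS declined"           # approval contradicts the CBS
        elif (rec["card"], rec["amount"]) != (appr["card"], appr["amount"]):
            reason = "card/amount mismatch"   # record altered in transit
        else:
            continue                          # legitimate approval
        findings.append({**appr, "reason": reason})
    return findings

def summarize(findings):
    """Aggregate findings so an alert shows spread and exposure at a glance."""
    return {
        "by_reason": dict(Counter(f["reason"] for f in findings)),
        "by_country": dict(Counter(f["country"] for f in findings)),
        "exposure": sum(f["amount"] for f in findings),
    }

if __name__ == "__main__":
    found = reconcile(NETWORK_APPROVALS, CBS_AUTH_LOG)
    for f in found:
        print(f["rrn"], f["card"], f["country"], f["amount"], f["reason"])
    print(summarize(found))
```

Run continuously rather than at end-of-day settlement, a check of this kind surfaces unauthorized approvals while withdrawals are still in progress.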
Who carried out the attack?
• In the cyber-attack, the attackers operated from 29 countries. More than 12000
transactions worth Rs.81.99 crore were carried out through ATMs using VISA debit cards,
and 2800 transactions worth Rs.2.75 crore were carried out at domestic ATMs using RuPay
cards, within just four hours.

• Again, a total of Rs.13.92 crore was transferred fraudulently to the account of M/s. ALM Trading
Limited, held with Hang Seng Bank, Hong Kong, through a cyber-attack on the SWIFT
payment gateway.

• The attack has been attributed to Lazarus, a state-sponsored threat group believed to be
connected to North Korea's ruling party.
Financial Loss
• Identified hackers siphoned Rs 94.42 crore through ATMs
and online transfers.

• Rs 13.92 crore via SWIFT transfers.

• Due to this incident, doubts and fear were raised in the
minds of customers regarding the position of the bank,
which resulted in some of the customers choosing to
withdraw deposits prematurely.

• The bank faced premature withdrawal of term deposits of
approx. Rs.500 crore and saving deposits amounting to Rs.
415 crore, and lost Rs.3.70 crore from card commission due
to this cyber-incident.
How the company resolved the incident
• The bank shut down its internet banking operations and website.

• Immediate action was taken, and the bank requested Hang Seng Bank in Hong Kong to hold
the amount. With the assistance of Hong Kong Police and judicial support, the bank
recovered Rs.8 crore.

• Police said most of those arrested were mainly involved in withdrawing money from
different ATMs using cloned cards of Cosmos Bank, as per instructions from handlers. Police
suspect that racketeers gave them some part of the money they withdrew as commission.
What the bank did later to improve security
• After this incident, as per the instructions of forensic investigators, the bank
implemented security measures for the ATM switch server and the SWIFT server.
• A series of training sessions was conducted to improve the cyber security awareness
of all the employees.
• The bank has started using a Next Generation Endpoint Protection solution instead
of a traditional anti-virus solution to neutralize advanced and resilient viruses.
Thank you