In one of India's largest cyber heists, hackers siphoned off approximately INR 94 crore (~USD 11.5m) from an Indian bank over a span of just two days. The attack was carried out using sophisticated malware that targeted the bank's ATM switch server. The attackers used this malware to clone thousands of debit cards, which were then used to make withdrawals from ATMs across 28 countries.
- Implementing MFA (Multi-Factor Authentication) for all internal systems would have added an extra layer of security, making it more difficult for attackers to gain unauthorized access even if they had stolen credentials.
- Regular security audits and penetration testing could have identified vulnerabilities in the ATM switch server and other critical systems, allowing the bank to address these issues before they could be exploited.
- Network segmentation would have limited the spread of malware by isolating critical systems, such as the ATM switch server, from other parts of the network. This containment strategy can prevent attackers from moving laterally within the network.
- Deploying advanced threat detection systems, such as Intrusion Detection Systems (IDS), Breach & Attack Simulation (BAS), and Security Information and Event Management (SIEM) solutions, could have helped detect anomalous activities early.
- Regularly updating software and applying security patches promptly would have mitigated the risk of exploitation by closing known security gaps. An effective patch management strategy ensures that all systems are up to date with the latest security fixes.
- Conducting regular cybersecurity training and awareness programs for employees can reduce the risk of social engineering attacks. Educated employees are better equipped to recognize and avoid phishing attempts and other deceptive tactics used by cybercriminals.
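To make the early-detection point above concrete, here is an added example (not from the original write-up or from the bank's systems) of a SIEM-style rule over ATM switch authorization records that flags the pattern seen in this incident: cards approved in several countries within minutes. The log format, thresholds, and function names are assumptions, and the sample records are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample of switch authorization records (not real data):
# timestamp, masked card, acquiring ATM country, amount, response
SAMPLE_LOG = """\
2024-01-06T09:00:05 4000XXXXXXXX0001 IN 5000 APPROVED
2024-01-06T09:01:10 4000XXXXXXXX0002 IN 2000 APPROVED
2024-01-06T09:02:30 4000XXXXXXXX0003 CA 400 APPROVED
2024-01-06T09:02:45 4000XXXXXXXX0004 HK 300 APPROVED
2024-01-06T09:03:05 4000XXXXXXXX0003 GB 400 APPROVED
2024-01-06T09:03:40 4000XXXXXXXX0005 AE 350 APPROVED
2024-01-06T09:04:15 4000XXXXXXXX0006 TR 300 DECLINED
2024-01-06T09:04:50 4000XXXXXXXX0007 PL 450 APPROVED
2024-01-06T11:30:00 4000XXXXXXXX0008 IN 1000 APPROVED
"""

def parse(log):
    """Yield (timestamp, card, country, amount, status) per record."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, card, country, amount, status = line.split()
        yield datetime.fromisoformat(ts), card, country, int(amount), status

def detect(log, window=timedelta(minutes=10), max_countries=3):
    """Return alerts as (timestamp, rule, detail) tuples.

    window and max_countries are illustrative thresholds; tune them
    against the issuer's normal cross-border withdrawal baseline.
    """
    alerts, recent = [], deque()
    for ts, card, country, _amount, status in parse(log):
        if status != "APPROVED":
            continue
        recent.append((ts, card, country))
        # Drop approvals that have aged out of the sliding window.
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        # Rule 1: the same card approved in more than one country.
        if len({c for _, k, c in recent if k == card}) > 1:
            alerts.append((ts, "card_multi_country", card))
        # Rule 2: approvals fan out over unusually many countries.
        countries = {c for _, _, c in recent}
        if len(countries) > max_countries:
            alerts.append((ts, "country_fanout", ",".join(sorted(countries))))
    return alerts
```
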