Major Cyber Attacks on Banking Sector in India
The onset of COVID has resulted in rapid digitization in the banking sector. Both front-end and back-end operations have now gone digital, and the new digital workforce has driven most banking sectors to go online. With all these growing technologies, cyber attacks are constantly increasing and attackers are actively looking for their victims for malicious cyber attacks to access sensitive data of banking and financial systems.
As the banking sectors depend on online banking, both mobile and web services tend to have weak security systems, making cybersecurity threats more and more prominent. Cybercriminals mostly target the banking sector to obtain customer and employee information and use it to steal bank data and money. According to official estimates, more than 2.9 million cyber security incidents related to digital banking were reported in 2020.
The Best Cyber Attacks on Banks and Financial Institutions
On April 6, 2022, Indian lending app CashMama reported a data breach that exposed customer data being invasively collected and stored. CashMama's Amazon S3 bucket was left open, exposing customers' personal data and other sensitive information.
The 2018 cyber attack in India took place at Cosmos Bank when hackers siphoned off Rs. 94.42 million crowns. Hackers hacked into the bank's ATM server and took all the card details and wiped money from 28 countries and immediately withdrew the amount as soon as they were informed.
Canara Bank's ATM servers were targeted in mid-2018. According to sources, more than 300 users' ATM details were compromised by attackers and Rs 20 crore was wiped from various bank accounts. Hackers used skimming devices to steal information and stole amounts up to 20 thousand rupees.
Homegrown payment processing platform Juspay reportedly compromised the data of more than 100 million customers. He claimed that the attacker released two sets of data on the Dark Web. One contained the email addresses and mobile numbers of 100 million customers and the other contained 46 million card transaction details.
领英推荐
In March, a large data set containing sensitive know-your-customer (KYC) data of 110 million customers associated with mobile wallet and payment company MobiKwik was put up for sale on a dark web hacking forum. The leaked data included Aadhaar cards, credit and debit card credentials, and customer mobile numbers.
Two million credit score records from Chqbook, an Indian FinTech startup, were found on the dark web. The leaked data included usernames, contact details, and detailed loan information. Hacker group ShinyHunters is believed to be responsible for the leak.
In November 2021, a cyber security firm found a vulnerability in the exchange servers of leading public sector bank Punjab National Bank (PNB) and claimed that the personal and financial information of nearly 180 million customers was exposed over a period of 7 months.
On September 23, 2019, security researchers reported that North Korean hackers had developed and embedded malware to steal payment information from Indian ATMs and banking institutions. The malware, known as ATMDtrack, began appearing on networks during the summer of 2018 and is believed to be attributable to the Lazarus Group, a hacking group that targeted banks, ATMs, and cryptocurrency exchanges to finance North Korea's weapons of mass destruction program.
On July 23, 2019, a security researcher reported that a small Indian financial institution, Jana Bank, left an exposed database containing information on millions of financial transactions. The Know Your Customer verification database was not password protected, so he could access, change or download the information. Jana Bank immediately secured the database as soon as it became aware of its exposure.
In February 2018, City Union Bank in India suffered a breach that allowed $1 million to be transferred to a Chinese institution. The attackers attempted to make three transactions totaling $2 million, sending money to Dubai and Turkey, but City Union Bank and the corresponding bank on the recipient side of the transfer were thwarted.
India’s Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) have requested all the banks and government organizations to celebrate Cyber Jagrukta Divas on the first Wednesday of every month. Under this initiative, all the concerned organizations are advised to conduct monthly hour-long sessions to generate cybersecurity awareness amongst employees to increase their cyber resilience.?