In today’s digital age, the threat of hacking looms large over businesses, transcending the realm of individual or retail customers to encompass vast sums of money and sensitive data. While previous discussions under the Jankar Baniye series explored frauds impacting individuals or small transactions, in case of small businesses, the perils of hacking extend far beyond, potentially involving not only lakhs but even crores of rupees.
Hacking, a sophisticated and meticulously orchestrated endeavour, often targets businesses, corporations, and financial institutions, leading to devastating data breaches. This article delves into a significant incident which led to Rs 90 odd crores getting siphoned off from a mid-sized bank with authorization for international market dealings. It also tries to provide simple steps which can go a long way for businesses towards preventing from falling prey to hackers.
Glimpse into hacker’s world
Hackers are perpetually on the hunt for vulnerabilities that grant them access to substantial financial reserves. A few years ago, these hackers meticulously examined a mid-sized bank’s IT system weaknesses and infiltrated their infrastructure using malware. Their tactics included social engineering, International Visa and RuPay debit card cloning, and the utilisation of money mules. Additionally, international accomplices were potentially involved to facilitate overseas fund transfers.
Anatomy of the heist
The hackers initiated their assault by sending targeted phishing emails- to key personnel in the bank’s cybersecurity and IT departments. Through social engineering tactics, they cunningly manipulated unsuspecting employees who possessed access to critical digital systems. Patiently, the hackers progressed step by step, exploiting different individuals until they gained administrative access.
This pivotal breakthrough enabled them to implant malware directly into the bank’s switch, effectively assuming control at the server level. This, in turn, granted them the authority to approve transactions, altering the dynamics of interactions between the ATM server and the Core Banking System (CBS), as well as the SWIFT server for international remittances.
By severing communication between the switch and the CBS, the hackers established a sinister foundation. With their firm grip on the server-level administrator profile, they side-stepped the CBS for transaction approvals linked to a specific set of debit cards. They replicated this manipulative manoeuvre within the SWIFT workflow, manipulating the prerequisites for international foreign exchange remittances.
With the technical groundwork in place, the hackers awaited the completion of on-ground money mule (people moving illegally acquired money for others) activation across more than 20 countries. These individuals, often marginalised labourers, were systematically orchestrated to withdraw illicitly acquired funds using cloned debit cards. Orchestrated with meticulous precision, these money mules, armed with multiple cards, would descend upon ATMs, dispensing funds across the globe in a coordinated frenzy.
In a choreographed symphony of crime, the stolen wealth flowed effortlessly into the hands of the orchestrators, bypassing CBS authentication layers due to their premeditated manipulations which were initiated via access to the systems through phishing emails.
Cybersecurity & its pillars
In a landscape fraught with cyber threats, businesses must prioritise robust data protection and cybersecurity measures. This not only shields against financial jeopardy but also safeguards brand reputation.
Embracing the three fundamental principles — Patches, Passwords, and Phishing — can form the bedrock of defence against potential ransomware attacks and data breaches.
Patches: Implementing regular software updates, also known as patches, are critical for operating systems, applications, and software suites like Microsoft Office. These updates incorporate security enhancements that counter evolving cybercrime tactics, effectively plugging vulnerabilities.
Passwords: Relying on easily guessable/hackable passwords like ‘password123’ is a recipe for disaster. Reusing passwords across multiple platforms further exacerbates the risk. The imperative is to create robust, complex passwords comprising a mix of upper and lower case letters, numbers, and special characters (example, Zyx@9876). Activating two-factor authentication further fortifies account access.
Phishing: The foremost delivery method for malware, phishing involves deceptive emails from seemingly legitimate domains. These messages entice recipients to click on fraudulent links or download malicious attachments. Vigilant employee training, regular data backups, and a solid response plan are vital in combating phishing attacks.
Knowledge is power
Regardless of one’s cybersecurity proficiency, disseminating knowledge of the three ‘P’s (Patches, Passwords, and Phishing) within an organisation serves as a pivotal step toward enhancing cybersecurity. Each employee’s understanding of these core tenets establishes a formidable foundation for a united front against cyber threats. In the realm of cybersecurity, knowledge is power.
(Salil Datar has over three decades experience (including CXO level) in banking, neobanking and cross border financial services)
