Last month, a number of top banks in the country, including SBI, HDFC, ICICI, Yes Bank and Axis Bank, reported security breaches. Such was the scale of the cyberattack that the number of affected cards went up from 600K to 3.2 million in a 24-hour time frame. SBI in particular was affected by malware, a type of software which is designed to disrupt or damage a computer system.
This clearly shows that from banks to boardrooms, any data on the digital grid is up for grabs. With hackers breaching such sensitive systems and compromising personal data, there is a clear need to beef up security measures. Here’s what the cybersecurity industry has to say:
“It is an ongoing investigation at the moment. However, it’s important to note that when it comes to notifying victims and helping to mitigate the threat, Kaspersky Lab’s practice is to collaborate with local CERTs and law enforcement agencies. Effective public-private partnerships are absolutely essential in the fight against cybercrime to maintain global security. As we are seeing more and more sophisticated attacks – many of which have a global impact – partnerships and information exchange between cybersecurity companies and the private sector are becoming increasingly valuable.
Additionally, Kaspersky Lab cannot confirm or deny a breach at SBI. But the usual “modus operandi” in such incidents with attacks against banks is a spearphishing email with a malicious attachment. After the initial infection, the attackers upload additional tools to the victim and start lateral movement inside the bank's internal network. It takes a few weeks for them to gain access to bank servers and system administrators' accounts. After that, they can make money transfers – and cash out in different ways – SWIFT transfers, from ATMs, etc.
A few months ago, research by Kaspersky Lab revealed that the ATM machines’ outdated communication standard leaves them open to attack. ATMs can be easily hacked, malware can be installed and funds could be stolen. Almost any ATM in the world could be illegally accessed and jackpotted with or without the help of malware. The main reason for this is the widespread use of outdated and insecure software, mistakes in network configuration and a lack of physical security for critical parts of the ATM.
The results of the research show that even though vendors are now trying to develop ATMs with strong security features, many banks are still using old insecure models. Many ATMs studied by Kaspersky were running Windows XP, which is no longer supported by Microsoft. This means their security isn’t up to date and malicious malware can be installed without too much effort.”
“When it comes to cyber security, many Indian firms prefer to throw people at the challenge at the expense of investing in robust technology and intelligence capabilities. As a result, some Indian businesses are massively underinvested in technology to detect and respond to attacks, and this leaves them very vulnerable to targeted attacks. Unfortunately, cyber security issues cannot be addressed by people alone. Expertise is very important, but the challenge requires a combination of technology and threat intelligence for those people to be effective. We also see a huge investment in certifications and compliance, but very little investment in hunting for adversaries who could be breaching Indian businesses. As a result, many Indian business leaders mistakenly think their security and risk efforts are effective, but attacks can actually remain invisible and undetected for extended periods of time.”