Indian bank Cosmos loses £10m in ATM hack across 28 countries
CYBER criminals have hacked cash machines in 28 countries to loot more than £10m from an Indian bank.
Hackers infected the bank’s credit card payment system with malware, which allowed them to approve transactions and access client accounts.
Fake credit cards were then used to force ATMS around the world to dispense cash worth about $13m (£10m) until they were empty.
The attack on Cosmos Bank, based in the Indian city of Pune, came after the US Federal Bureau of Investigation (FBI) last week warned of an imminent attack. The FBI issued a warning to global banks that there would be a cyber attack of ATMS within days.
Uk-based banks with large international operations, such as HSBC and Barclays, were among those made aware of the threat.
The FBI said it had intelligence that criminals were going to hack into a banking system using a highly choreographed fraud scheme known as ATM “jackpotting”, in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to take out millions in just a few minutes.
Cyber experts have suggested that the attack may have been led by hackers from the so-called Lazarus organisation, a gang of cyber criminals that has been linked to other scams. However,
‘Gangs are pretty savvy – their cash mules could remove tens of thousands before any police turn up’
the group has not confirmed its involvement.
Zeki Turedi, technology strategist at Crowdstrike, said the apparent complexity and scale of the heist suggested it was probably carried out by sophisticated actors with access to significant resources.
This could potentially include groups with a level of state support. Some banks use older operating systems that leave them more vulnerable to hackers, Lu Zurawski, consumer payments practice lead at payments system company ACI Worldwide, said.
“Bank systems may indeed be able to monitor irregularities and react by shutting down ATMS and involving law enforcement agencies at known trouble spots,” he said.
“But gangs are pretty savvy and nippy – their ‘cash mules’ could remove tens of thousands of pounds before any police turn up.”
The bank said that its payments system was bypassed in the attack. Cosmos Bank said: “During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system.”
ATM jackpotting is increasingly common. In one incident in Thailand in 2016, thieves made off in minutes with 12m baht (£280,000) from cash machines by targeting ATMS run by Government Savings Bank, a stateowned Thai bank based in Bangkok.