An Indian bank has lost nearly 944m rupees ($13.5m) after hackers withdrew funds from ATMs around the world and made fraudulent SWIFT transfers.
Pune-headquartered Cosmos Bank claimed the attackers first stole customer information by installing malware on the firm’s ATM server, before conducting the globally co-ordinated withdrawals in 28 countries on August 11.
An alert from the FBI warned unnamed banks on Friday of an imminent “global Automated Teller Machine (ATM) cash-out scheme” but was unable to halt the sophisticated plot.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” it noted. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
The self-styled “leading co-operative bank in India” was also hit by three unauthorized transfers worth 139m rupees ($2m), sent via SWIFT to a Hong Kong company’s account.
The lender claimed that the hackers managed to bypass the main switching system used for debit card payments.
“During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system,” it said in a press release seen by Reuters.
The case will bring to mind a series of high-profile raids on financial institutions over the past few years, many of them involving the SWIFT interbank transfer network.
Tamil Nadu-headquartered City Union Bank was targeted in February, when an alleged international group of hackers tried to make $2m worth of illegal transfers, although they only succeeded in getting half of that.
The run of attacks on lenders began with a major $81m raid on Bangladesh Bank back in 2016, which was subsequently blamed on the infamous North Korea-linked Lazarus Group.