By Surabhi Agarwal, ET Bureau | Oct 22,
NEW DELHI: India's Computer Emergency Response Team (CERT-In), the government's apex watchdog against cyberattacks, had instructed banks to be on heightened alert as recently as two weeks ago even as a malware infection was spreading through their networks and spawning the country's biggest known breach of financial data. The agency, which frequently sends advisories to banks and other financial institutions about possible threats to their systems, had also sent warnings in July and August, a top government official told ET.
The latest of these on October 7 warned about "expected targeted attacks from Pakistan", in the wake of India's counterstrike across the border following terrorist attacks in Jammu and Kashmir. At the time this advisory was sent, more than a month had elapsed since the first complaints stemming from the breach began streaming into banks in early September. The malware infection put 3.2 million debit cards at risk, although the loss — through unauthorised withdrawals across the world — has been pegged at a relatively minor Rs 1.3 crore by the National Payments Corporation of India (NPCI). The government and the Reserve Bank of India have ordered banks and payment gateways to investigate the breach amid concerns that faster, concerted action could have limited the extent of the attack.
The worst hit of the card-issuing banks are said to be State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank, ET reported on Thursday. All said their systems were intact and that the affected cards may have been used in ATMs outside the networks of the respective banks.
CERT-In and the National Critical Information Infrastructure Protection Centre sent an email to banks regarding the rise in ATM frauds following ET’s report.
"On October 20, 2016, CERT-In has sent mails to State Bank of India, Axis Bank and HDFC Bank to report an incident to CERT-In as seen in media report stating that 3.2 million debit cards have been used in ATMs that are suspected to have been exposed to malware at the back end. The incident has so far not been reported to CERT-In," said the official cited above. Not reporting the matter is in breach of the rules, said another official.
"There is an RBI framework… the Information Technology Act mandates that these incidents have to be reported so of course there is a lapse on the part of the banks," he said.
ANALYSING ATTACKS
After such incidents are reported, CERT-In starts analysing the attacks along with correlation of the data to ward off similar future attacks, he said. CERT-In had issued warnings to banks in the months before the attack.
On July 1, it advised them about cyber attacks planned on their information infrastructure along with the measures to be taken.
On August 12 and 24, CERT-In sent alerts to banks regarding backdoor Trojans that steal credentials, alerting them to advanced targeted attacks along with how to look for signs of possible security breaches.
7,000 ATTACKS ON WEBSITES
After the strikes across the border, there have been a number of attacks on various Indian websites — some reports put these at 7,000 — by Pakistani hackers.
Sivarama Krishnan, executive director of audit and consultancy firm PwC, told ET that in a possible cyber war, India's systems are "fully exposed".
"In June 2016, RBI issued an advisory for banks to have a security operations centre," he said. "How many banks have it or how many of them do quality monitoring, people give their money to banks and not to third parties like Hitachi Payment Systems? What kind of message are we sending to the world?"
Hitachi Payment Systems, which provides ATM and point of sale services, has denied that the malware infection stemmed from its servers.
'NOT SPENDING ENOUGH'
India isn't spending enough on cyber security, Krishnan said. He said several projects aimed at increasing India's cyber preparedness such as the National Cyber Coordination Centre are yet to be started even after getting Cabinet approval.
The first official cited above said CERT-In had asked YES Bank about fraudulent ATM transactions in China. The bank is said to have reported the incident to CERT-In on September 21 but hasn't provided logs. YES Bank couldn't be reached for comment late on Friday. It's among the banks that have denied any security breach.