
PROJECT ON

CASE STUDY OF CYBER ATTACK ON COSMOS BANK, PUNE

SUBMITTED TO:

Mr. SUSHIL JAIN

Assistant Professor

Information Technology Law

SUBMITTED BY:

ANIMESH PATHAK

16001106, BA.L.LB VIII Semester

SCHOOL OF LAW

GURU GHASIDAS VISHWAVIDHYALAYA, BILASPUR (C.G.)


 DECLARATION

I hereby declare that this project is my original piece of work. Neither the project nor any
part of it has been copied from any source without acknowledgement.

I am highly indebted to the authors of the books and the owners of the articles and websites
from which the references have been taken. Through the references, I have tried to come up
with a new conceptual interpretation to present the pros and cons of my subject.

(CASE STUDY OF CYBER ATTACK ON COSMOS BANK, PUNE)

ANIMESH PATHAK

ROLL NO. 16001106

B.A. LL.B. VIII semester


 CERTIFICATE

I, ANIMESH PATHAK, 16001106, B.A. LL.B. (VIII semester), student of SCHOOL OF
LAW, hereby certify that I have submitted my project on the subject “CASE STUDY OF
CYBER ATTACK ON COSMOS BANK, PUNE”, and that this project has been accomplished
under the guidance of my Information Technology professor, MR. SUSHIL JAIN.

The content of the project has not been copied from anywhere without
acknowledgement and is my original work.

ANIMESH PATHAK Faculty Signature:

ROLL NO.16001106

B.A. LL.B. VI semester


 ACKNOWLEDGEMENT

I am not only indebted to the authors and owners to whom I referred but also thankful
to my teacher, MR. SUSHIL JAIN, who guided me to accomplish my work on time and
made the concepts clear to me, so that I could tackle the exceptions and the higher-level
theory of the subject. I am also glad that God Almighty was always by my side during
the completion of my work and never let me fall ill, and I am thankful to my Parent, who
always supported me.

ANIMESH PATHAK

ROLL NO.16001106

B.A. LL.B. VI semester

School of law
 SYNOPSIS

1. OBJECTIVE
• To study the cyber-attack on Cosmos Bank.

• To understand and help prevent future money heists carried out by hacking through
malware attacks.

2. AIM
To understand the need to upgrade the technology of multinational corporations and
financial institutions which, in this highly competitive world, are being victimised by
hackers seeking to fulfil their financial needs.

3. SCOPE
The present study covers the different aspects of cyber-attacks on the computer systems of
various multinational organisations and financial institutions, and the problems they face
in tackling and preventing such attacks.

4. RESEARCH QUESTIONS
Why has the Government not stressed the need to create more professional cyber
experts who will prevent hacking and malware attacks?

Is there a need for intensive focus by educational institutions on providing courses in the
techniques of preventing cyber-attacks?

Is becoming an Ethical Hacking Expert a lucrative field for the new generation?


5. RESEARCH METHODOLOGY
For the present research work, secondary data will be used. Various statistical tools will be
used to analyse the secondary data, such as:

a. Document Review - Obtaining the actual forms and operating documents currently
being used

b. Observation - Analysing annual reports and press releases, verifying the statements
made during the interviews

c. Web Search - The information related to outside regions will be studied from the internet
and other published articles.
 INTRODUCTION

WHAT IS A CYBER ATTACK?

A cyber-attack is an assault launched by cybercriminals using one or more computers against
a single or multiple computers or networks. A cyber-attack can maliciously disable
computers, steal data, or use a breached computer as a launch point for other attacks.
Cybercriminals use a variety of methods to launch a cyber-attack, including malware,
phishing, ransomware and denial of service, among other methods.

CYBER ATTACK TRENDS

In its mid-year report, Check Point Research provides analysis of the year to date, looking at
global cyber-attack trends in malware overall, ransomware, and mobile and cloud malware.

TREND 1: Software supply chain attacks on the rise

In software supply chain attacks, the threat actor typically installs malicious code into
legitimate software by modifying and infecting one of the building blocks the software relies
upon. As with physical chains, software supply chains are only as strong as their weakest
link.

Software supply chain attacks can be divided into two main categories. The first includes
targeted attacks aiming to compromise well-defined targets, scanning their suppliers list in
search of the weakest link through which they could enter. In the ShadowHammer attack,
attackers implanted malicious code into the ASUS Live Update utility, allowing them to later
install backdoors on millions of remote computers.

In the second category, software supply chains are used to compromise as many victims as
possible by locating a weak link with a large distribution radius. One such example is the
attack on PrismWeb, an e-commerce platform, in which attackers injected a skimming script
into the shared JavaScript libraries used by online stores, affecting more than 200 online
university campus stores in North America.

TREND 2: Evasive phishing cyber attacks

Phishing is a popular cyber-attack technique and continues to be one of the biggest threats to
cyber security. Advanced socially engineered evasion techniques are bypassing email
security solutions with greater frequency. Check Point researchers noted a surge in extortion
scams and business email compromise (BEC), threatening victims into making a payment
through blackmail or by impersonating others, respectively. Neither scam necessarily
contains malicious attachments or links, making them harder to detect. In April, one extortion
campaign went as far as pretending to be from the CIA and warned victims they were
suspected of distributing and storing child pornography. Hackers demanded $10,000 in
Bitcoin.

Evasive email scams include encoded emails, images of the message embedded in the email
body, as well as complex underlying code that mixes plain text letters with HTML character
entities. Social engineering techniques, as well as varying and personalizing the content of
the emails, are additional methods allowing the scammers to fly safely under the radar of
anti-spam filters and reach their target’s inbox.
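
The entity-mixing trick described above only works against a filter that matches on the raw message text. The following is an added example, not part of the original project: it decodes HTML character entities before keyword matching and measures how many ordinary letters were written as entities. The keyword list, threshold and sample messages are constructed assumptions.

```python
import html
import re

# Numeric character references such as &#97; or &#x61;
NUMERIC_ENTITY = re.compile(r"&#(?:[xX][0-9a-fA-F]+|[0-9]+);")

# Constructed sample messages (not taken from any real campaign).
PLAIN = "Tom &amp; Ana settled the invoice &#8212; thank you."
OBFUSCATED = "Send the p&#97;ym&#101;nt in B&#105;tc&#x6f;in today."


def hidden_letter_ratio(body):
    """Share of ASCII letters/digits in the decoded text that were written as entities."""
    hidden = 0
    for match in NUMERIC_ENTITY.finditer(body):
        char = html.unescape(match.group())
        # Plain letters and digits never need encoding, so encoding them is a signal.
        if char.isascii() and char.isalnum():
            hidden += 1
    decoded = html.unescape(body)
    total = sum(1 for c in decoded if c.isascii() and c.isalnum())
    return hidden / total if total else 0.0


def scan(body, keywords=("bitcoin", "payment"), threshold=0.2):
    """Match keywords on the decoded text and report what the raw text concealed."""
    raw, decoded = body.lower(), html.unescape(body).lower()
    concealed = [k for k in keywords if k in decoded and k not in raw]
    ratio = round(hidden_letter_ratio(body), 2)
    return {"ratio": ratio, "concealed": concealed,
            "suspicious": bool(concealed) or ratio >= threshold}


if __name__ == "__main__":
    for name, body in (("plain", PLAIN), ("obfuscated", OBFUSCATED)):
        print(name, scan(body))
```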

TREND 3: Clouds under attack

The growing popularity of public cloud environments has led to an increase of cyber-attacks
targeting resources and sensitive data residing within these platforms. Following the 2018
trend, practices such as misconfiguration and poor management of cloud resources remained
the most prominent threat to the cloud ecosystem in 2019. As a result, subjected cloud assets
have experienced a wide array of attacks. This year, misconfiguring cloud environments was
one of the main causes for a vast number of data theft incidents and attacks experienced by
organizations worldwide.

Cloud crypto mining campaigns have increased with upgraded techniques capable of evading
basic cloud security products. Docker hosts have been exposed and competitors’ crypto
mining campaigns operating in the cloud shut down. Check Point researchers also witnessed
an increase in the number of exploitations against public cloud infrastructures.

TREND 4: Mobile device attacks

Malicious actors are adapting techniques and methods from the general threat landscape to
the mobile world. Banking malware has successfully infiltrated the mobile cyber arena with a
sharp rise of more than 50% compared to 2018. In correlation to the growing use of banks’
mobile applications, malware capable of stealing payment data, credentials and funds from
victims’ bank accounts has been pushed from the general threat landscape and has become a
very common mobile threat too.
 MALWARE ATTACK ON COSMOS BANK

In August 2018, Cosmos Bank became the latest victim of a major cyber-attack. Hackers
breached the bank’s ATM switch server in Pune, stealing details of multiple Visa and RuPay
debit card owners. The details were then used to carry out around 12,000 fraudulent
transactions across 28 countries on August 11 – with a further 2,841 transactions taking place
in India.

The attack didn’t stop here. Two days later, on August 13th, in another malware attack on the
bank’s server, a SWIFT transaction was initiated – transferring funds to the account of ALM
Trading Limited in Hang Seng Bank, Hong Kong.

The total losses from the attack stand at INR 94 crore, or 13.5 million USD. Cosmos Bank
was forced to close its ATM operations and suspend online and mobile banking facilities.

How did the attack happen?

Malware attack: The core banking system (CBS) of the bank receives debit card payment
requests via a ‘switching system’. During the malware attack, a proxy switch was created and
all the fraudulent payment approvals were passed by the proxy switching system.

ATMs compromised: When depositors withdraw money at ATMs, a request is transferred to
the respective bank’s CBS. If the account has sufficient balance, the CBS will allow the
transaction. In the case of Cosmos Bank, the malware created a proxy system that bypassed
the CBS. By cloning the cards and using a ‘parallel’ or proxy switch system, the hackers
were able to approve the requests – withdrawing over INR 80.5 crore in approximately
15,000 transactions.
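
Approvals issued by a proxy switch leave no authorisation record in the CBS, which is something a bank can check for. The following is an added example, not part of the original project: it reconciles approvals reported by the card networks against the authorisations the CBS itself recorded, and raises an alert when several unmatched approvals arrive from multiple countries within a short window. The record layout, field names, thresholds and sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are hypothetical, not a real switch log format.
# Approvals as reported back by the card networks (settlement / acquirer side).
NETWORK_APPROVALS = [
    {"ref": "R001", "card": "4000-A", "country": "IN", "ts": "2018-08-11T15:00:05"},
    {"ref": "R002", "card": "4000-B", "country": "CA", "ts": "2018-08-11T15:00:40"},
    {"ref": "R003", "card": "4000-B", "country": "HK", "ts": "2018-08-11T15:01:10"},
    {"ref": "R004", "card": "4000-C", "country": "GB", "ts": "2018-08-11T15:02:30"},
    {"ref": "R005", "card": "4000-D", "country": "IN", "ts": "2018-08-11T18:30:00"},
]
# References the core banking system (CBS) itself authorised.
CBS_AUTHORISED = {"R001", "R005"}


def unmatched_approvals(approvals, cbs_refs):
    """Approvals the networks saw that the CBS never authorised."""
    return [a for a in approvals if a["ref"] not in cbs_refs]


def burst_alerts(unmatched, window=timedelta(minutes=5), min_count=3, min_countries=2):
    """Flag windows where many unmatched approvals hit several countries at once."""
    events = sorted(unmatched, key=lambda a: a["ts"])
    times = [datetime.fromisoformat(a["ts"]) for a in events]
    alerts, start = [], 0
    for end in range(len(events)):
        # Slide the window start forward until it spans at most `window`.
        while times[end] - times[start] > window:
            start += 1
        batch = events[start:end + 1]
        countries = {a["country"] for a in batch}
        if len(batch) >= min_count and len(countries) >= min_countries:
            alerts.append({"from": batch[0]["ts"], "to": batch[-1]["ts"],
                           "count": len(batch), "countries": sorted(countries)})
    return alerts


if __name__ == "__main__":
    missing = unmatched_approvals(NETWORK_APPROVALS, CBS_AUTHORISED)
    print("approved without CBS record:", [a["ref"] for a in missing])
    for alert in burst_alerts(missing):
        print("ALERT", alert)
```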

Reserve Bank of India (RBI) guidelines: RBI has clear guidelines, which must be followed, to
protect against incidents such as the Cosmos Bank attack. The security measures across
Indian banks are moderate and, given the high level of coordinated international attacks, all
banks need to upgrade their security mechanisms.

Why is this attack more serious?

Just a few days prior to this attack, the American FBI had warned banks of a major hacking
threat to ATMs worldwide. According to KrebsOnSecurity, the influential cyber-security
blog run by journalist Brian Krebs, a confidential alert to international banks informed them
that criminals were plotting an imminent, concerted global malware attack on ATMs.

Smaller banks with less sophisticated security systems were believed to be most vulnerable to
attack – with a scheme known as ‘ATM cash-out’ as the likely approach that the criminals
might take. This is where crooks hack a bank or payment card processor and use cloned cards
at ATMs around the world to fraudulently withdraw millions of dollars in just a few hours.

Banking experts and industry players fear this could be a ‘pilot run’ unless the authorities
take the attack seriously. Essentially, this malware attack was not against any one bank but
rather against the banking system. It was carried out at international scale in a meticulously
coordinated manner.
 PREVENTION OF CYBER ATTACK

What is Cyber security?

Cyber security refers to the use of network architecture, software, and other technologies to
protect organizations and individuals from cyber-attacks. The objective of cyber security is to
prevent or mitigate harm to—or destruction of—computer networks, applications, devices,
and data.

For a cyber security strategy to succeed, it must continually evolve to keep pace with the
shifting strategies and technologies used by hackers. More importantly, it requires a
multi-pronged effort that includes security management for better monitoring and visibility;
cloud protections for all environments; mobile security that follows wherever the business
leads; threat prevention and anti-ransomware technology; and security appliances that grow
with the business to meet current and future cyber security needs.

Cyber security Should Be Required, Not Optional

Cyber criminals constantly hone their skills, advancing their tools and tactics. At the same
time, the technologies and applications we rely on daily are also changing and sometimes that
means ushering in new vulnerabilities. While we can apply patches and updates, use firewalls
and anti-malware programs, true cyber security requires an evolving, holistic approach—and
one that focuses on prevention, not detection.

With a secure infrastructure, you’re not only able to keep your organization out of harm’s
way. You’re able to unlock innovation and accelerate business value.
CONCLUSION

Despite the prevalence of cyber-attacks, Check Point data suggests that 99% of enterprises
are not effectively protected. However, a cyber-attack is preventable. The key to cyber
defence is an end-to-end cyber security architecture that is multi-layered and spans all
networks, endpoint and mobile devices, and cloud. With the right architecture, you can
consolidate management of multiple security layers and control policy through a single pane
of glass. This lets you correlate events across all network environments, cloud services, and
mobile infrastructures.

In addition to architecture, Check Point recommends these key measures to prevent
cyber-attacks:

• Maintain security hygiene
• Choose prevention over detection
• Cover all attack vectors
• Implement the most advanced technologies
• Keep your threat intelligence up to date
BIBLIOGRAPHY

I. https://www.checkpoint.com/definitions/what-is-cyber-attack/

II. https://economictimes.indiatimes.com/industry/banking/finance/banking/cosmos-banks-server-hacked-rs-94-crore-siphoned-off-in-2-days/articleshow/65399477.cms
