India's Computer Emergency Response Team (CERT-In), the government's apex watchdog against cyberattacks, had instructed banks to be on heightened alert as recently as two weeks ago even as a malware infection was spreading through their networks and spawning the country's biggest known breach of financial data.
The agency, which frequently sends advisories to banks and other financial institutions about possible threats to their systems, had also sent warnings in July and August, a top government official told ET.?
BCCL
The latest of these on October 7 warned about 'expected targeted attacks from Pakistan", in the wake of India's counterstrike across the border following terrorist attacks in Jammu and Kashmir.
At the time this advisory was sent, more than a month had elapsed since the first complaints stemming from the breach began streaming into banks in early September. The malware infection put 3.2 million debit cards at risk, although the loss ¡ª through unauthorised withdrawals across the world ¡ª has been pegged at a relatively minor Rs 1.3 crore by the National Payments Corporation of India (NPCI).
The government and the Reserve Bank of India have ordered banks and payment gateways to investigate the breach amid concerns that faster, concerted action could have have limited the extent of the attack.?
ALSO READ: Here's Why 32 Lakh Debit Cards Are Being Replaced After India's Biggest Banking Hack
gotosecure
The worst hit of the card-issuing banks are said to be State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank, ET reported on Thursday. All said their systems were intact and that the affected cards may have been used in ATMs outside the networks of the respective banks.?
CERT-In and the National Critical Information Infrastructure Protection Centre sent an email to banks regarding the rise in ATM frauds following ET¡¯s report.?
"On October 20, 2016, CERT-In has sent mails to State Bank of India, Axis Bank and HDFC Bank to report an incident to CERT-In as seen in media report stating that 3.2 million debit cards have been used in ATMs that are suspected to have been exposed to malware at the back end. The incident has so far not been reported to CERT-In," said the official cited above. Not reporting the matter is in breach of the rules, said another official.?
ALSO READ:?30 Lakh Debit Cards Exposed To ATMs That Have Been Hacked, SBI To Reissue Cards To 6 Lakh Customers
BCCL/Representational Image
"There is an RBI framework¡ the Information Technology Act mandates that these incidents have to be reported so of course there is a lapse on the part of the banks," he said.?
After such incidents are reported, CERT-In starts analysing the attacks along with correlation of the data to ward off similar future attacks, he said. CERT-In had issued warnings to banks in the months before the attack.?
BCCL/Representational Image
On July 1, it advised them about cyber attacks planned on their information infrastructure along with the measures to be taken.?
On August 12 and 24, CERT-In sent alerts to banks regarding backdoor Trojans that steal credentials, alerting them to advanced targeted attacks along with how to look for signs of possible security breaches.?