Ahead of Diwali, Uttar Pradesh cyber police arrested techies and a former bank employee involved in a Rs 145 crore illegal withdrawal from the Cooperative bank’s account in Lucknow. Another report claims that an Android malware named Drinik, operating under the guise of the Income Tax Dept of India, targeted 18 banks in the country. Similarly, a carding website on the dark web called BidenCash shot to the limelight after hackers uploaded the credit card details of over nine million individuals for free on the website. Most compromised cards came from the United States, according to data analysis. However, a massive data dump originated in India, the United Kingdom, Brazil, Mexico, Turkey, Spain, Italy, and China.

The Indian Banking, Financial Services and Insurance (BFSI) sector has been at the forefront of cyber-attacks targeted at the Asian region. Even government data establish the sharp rise in attacks on the banking and financial sector. Between June 2018 and March 2022, India’s banks recorded 248 successful data breaches by hackers and criminals, the central government notified Parliament on 2 August. Of the 248 successful data breaches, 41 were reported by public sector banks, 205 by private sector banks, and two by overseas banks.

CloudSEK, a Singapore-headquartered cyber security firm, said in its whitepaper that 7.4% of the targeted attacks in the year 2022 were directed at the Indian subcontinent. Whether it is on account of nationalised banks, crypto exchanges or wallets, NBFCs, or credit card information leaks, India has emerged as the newfound hotbed for cyber-attacks in Asia. The cyber intelligence firm attributes the jump in crime instances to growing digitalisation and online banking systems.

“Digitalisation and ubiquitous banking services have accelerated the growth of threats against the banking sector. The unprecedented growth of blockchain and cryptocurrency has further given threat actors access to the sector like never before.
This, coupled with newer and evolving phishing mechanisms, has given access to targeting the banking industry with new and improved Tactics, Techniques, and Procedures (TTPs). The scattered nature of stakeholders also makes the Banking and Finance Industry a risky proposition,” a CloudSEK researcher told FirstPost.

Major threats to the sector

Data breaches and digital banking threats were the two major attacks targeting this sector. CloudSEK’s analysis shows that in 2021 and 2022, more than half of the reported cases involved the leak or sale of databases, which is called a “data breach.” Cybercriminals use everything from simple scraping, web injection commands, and taking advantage of exposed endpoints to complex malware attacks, taking advantage of CVEs, etc., to steal information from different organisations. About 20% of reported events concerning threats to digital banking mostly comprised selling, buying, compromising, and bypassing access to various digital payment systems, banking accounts, and digital wallets (crypto or otherwise).

Most exploited tactics, techniques, and procedures

The tactics, techniques, and procedures (TTPs) of cyber criminals in the Banking and Finance sector are dynamic and constantly evolving. It’s a dynamic field where scammers abandon established norms and adopt cutting-edge tactics.

- By far, the most common type of attack on the sector has been the use of a fake domain name or a cloned website to trick users into handing over their banking information.
- Recently, TTPs have changed because phishing sites have popped up to steal victims’ banking credentials and PII. After getting this information, an Android SMS forwarding malware is downloaded to Android users’ devices.
- Attackers are also using fake APKs to target victims by deploying malicious Android applications hosted at Firebase through socially engineered pages that require customers to enter card details and account credentials.
- Reverse tunnel attacks are being made on the BFSI sector with the help of shortened URLs. In 2022, several reverse tunnel services were found that let applications open local server ports to the internet and serve malicious content. Threat actors liked to host malicious content through reverse tunnels and URL-shortening services. These URLs send people to fake login pages that are used for phishing. This is done to avoid getting caught and to cause panic in the banking community.
- Threat actors were also seen using SMS forwarding malware to steal OTPs, and avoiding detection by antivirus software by making malicious phishing websites that didn’t mention any banking name or logo.
- In 2022, there were a lot more fake online complaint portals that tried to scam customers of the banking industry.

Challenges faced by the sector

Speaking about the latest banking fraud case cracked by his team, Triveni Singh, SP, Cyber Crime, said cyber criminals are looking for newer ways to attack you. So it is not only the responsibility of banks and their officials to ensure security; every customer has to be equally aware of the security features.

“All the cybercrime starts with data of bank employees. So it is important to keep your credentials secure. The best is to go for two-factor authentication or multi-layered security pins. It is a thumb rule to not trust anyone on phone or the internet and do not share details. Double-check the authenticity of the message or post before sharing any sensitive information,” Triveni Singh highlighted.

Other cyber experts and banking professionals pointed out the following challenges faced by the sector:

- A severe lack of talent is a problem that can hurt the security perimeter of this industry.
- Credentials used by workers and outside contractors can have a significant impact on a company’s security system if they are too weak.
- It is difficult for most organisations to set aside sufficient funds for security.
- Employees without adequate knowledge who tamper with the system and risk damaging it.
- Third-party users who need training and insecure third-party services.
- The industry’s problems are compounded by its lagging infrastructure and dispersed stakeholders.

Some quick tips for the sector

- Employees, customers, and third-party users should all participate in ongoing security awareness training covering cyberattacks, online scams/phishing, and more.
- Multi-factor authentication (MFA) and strict password regulations should be implemented.
- Maintain a consistent schedule of software, system, and network updates and patches.
- Keep numerous copies of your data stored in different, safe locations; this includes both online and offline copies.
- Keep an eye on server and application logs for signs of anything out of the ordinary.
- Network firewalls should be used to prevent access to unauthorised IP addresses and to disable port forwarding.
- Cybercriminals exploit misconfigured programs, exposed data, and leaked credentials to launch widespread attacks, so it’s important to monitor the internet to detect and eliminate these threats.

The writer is founder and editor of The420.in, a portal that aims to make India digitally empowered and save each citizen from becoming a victim of cybercrime. Views expressed are personal.