MUMBAI: A month ago, an official of Axis BankBSE 0.54 % — India’s third largest private sector lender — received an unexpected telephone call. The caller, an engineer at Kaspersky Lab, the well-known Moscow-headquartered cyber security firm, rattled off the names of several Axis computers which, he claimed, have been breached.
The Kaspersky man said his firm had stumbled on the information in the course of a separate probe. When an Axis team looked into the bank’s servers, it found out that there was indeed an unauthorized login by an unnamed, offshore hacker.
Last week, Axis filed a preliminary report about the breach to RBI. The bank has hired EY, the audit and advisory firm, to carry out an investigation.
Till now there are no reports of any fund transfers but the bank and EY are trying to figure out the extent of damage, data loss if any, and most importantly whether the virus is still crawling in the institution’s server zone, said a banker who is aware of the breach.
Responding to an email questionnaire from ET, a bank spokesperson said, “Axis Bank, like many other large financial institutions, often receives security threats from across the globe. The bank has strict security protocols and procedures in place and all its online properties are monitored round the clock by its in-house team of security experts.
The bank also engages best in class international and national agencies who regularly identify and neutralize threats and audit the Bank’s online ecosystem.” “Safety and security of our systems and processes is of paramount importance to us and we constantly monitor and are vigilant in our efforts to combat any potential threats. We would like to state that there has been no monetary loss.”
In cyber parlance, a malware creeping into a bank’s server — with the possibility of the virus finding its way to multiple servers — is known as “lateral movement” and can pose, what is known as, Advanced Persistent Threat (or, ABT). “Such attacks,” said the system head of another large bank, “are usually the handiwork of Chinese or East European hackers. In contrast Pakistani hackers are amateurs,” said the security chief of a large local bank.
Recently, a team of Pakistani hackers had temporarily defaced the website of a large Indian depository. In early August, a hacker from across the border, who called himself Faisal, defaced the website of a large public sector bank by inserting a malicious page and trying to block some of the bank’s e-payment services.
A bank runs multiple servers which house a mountain of information and details of various operations like credit cards, ATMs, real time gross settlements, ATMs and Swift — the global financial messaging service banks use to move millions of dollars every day. RBI has advised bank chairmen to review funds lying in their bank’s (overseas) nostro accounts and carry out hourly reconciliation of payment emails by comparing outward messages with SWIFT confirmations.
Over the past few years, banks have been fighting cyber strikes like “distributed denial of service” (or DDoS) which slows down a bank’s system to frustrate customers, worms that make ATMs spew out cash, and some that can divert funds to a secret destinations. Most Indian banks, including instututions which are listed abroad, keep cyber-attacks under wraps and rarely inform the regulator.