Centre warns banks of Pak cyber attacks

Cyber-security agency issued the alert on October 7

October 22, 2016 12:48 am | Updated December 02, 2016 10:47 am IST - NEW DELHI

WARNING SHOTS: CERT-In,the government’s cyber security arm, had issued alerts in July and August as well.

WARNING SHOTS: CERT-In,the government’s cyber security arm, had issued alerts in July and August as well.

The Centre’s cyber security arm has issued a fresh warning to all banks cautioning them that cyber criminals from Pakistan may target their information infrastructure, The Hindu has learnt. The alert issued on October 7, came from the Computer Emergency Response Team-India (CERT-In), the nodal agency under the Ministry of Electronics and IT.

The cyber-security agency is working closely with the Reserve Bank of India to enhance financial sector security apparatus in the wake of the biggest security breach in Indian banking affecting over 32 lakh accounts, a senior government official said.

E-mail alert The agency has also mailed various banks on Thursday, including State Bank of India, Axis Bank and HDFC Bank, asking them to report details of the debit cards breach, a senior official of the IT ministry said.

The incident has so far not been reported by the banks to CERT-In, which is the national nodal agency for monitoring and responding to cyber security incidents. It collects, analyses and disseminates information on cyber incidents.

It also forecasts, issues alerts and coordinates emergency measures to cope with cyber threats.

It has been learnt that CERT-In had also issued alerts to banks on July 1, regarding cyber attacks planned on their information infrastructure. The official further added that two such warnings were sent to banks in August as well.

However, it could not be ascertained if these alerts were in anyway linked to the recent debit card data breach, although the RBI too had in June issued notification on Cyber Security Framework in Banks, asking them to be put in place a robust cyber security policy separate from their information technology (IT) policy.

“CERT-In sent alerts to banks on August 12 and August 24, 2016, regarding backdoor Trojans which steals credentials of users. They were alerted on the advanced targeted attacks along with the indicators of compromise for them to take action,” the official said.

CERT-In along with National Critical Information Infrastructure sent mails to Chief Information Security Officers of the banks on October 19 (Wednesday), on the rise in the frauds carried out through Bank ATMs using malware and the modus operandi.

YES Bank Additionally, following media reports that YES Bank’s ATM network located in China were involved in fraudulent transactions involving Indian customers, CERT-In on September 20, 2016, requested YES Bank to report the incident formally.

“YES Bank confirmed the news and reported the incident on September 21, 2016. They informed that they have engaged a Payment Card Industry Forensic Investigator to carry out the investigation,” the official said, adding, “CERT-In has requested YES Bank to share same logs with CERT-In which have not been done by YES Bank.”.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.