Pakistani Banks Urged to Beef Up Security After Cyberattack
BankIslami Pakistan Says Rs 2.6 Million Was Stolen; Method of Attack Not Yet Clear
In the wake of a cyberattack against BankIslami Pakistan, the State Bank of Pakistan, the nation's central bank, is asking all banks to step up their security efforts and make sure that security measures on all IT systems, including those related to card operations, are continuously updated.
Some security experts are questioning whether the cyberattack is similar to the Cosmos Bank attack in India in August. In that attack, hackers cloned the bank's Visa and Rupay debit cards and used them to siphon cash from ATMs across multiple countries.
BankIslami reports that it was alerted by customers who reported irregular activities and multiple unauthorized international transactions on their payment cards. The bank says it responded immediately by shutting down all international transactions originating from the International Payment Scheme.
Although the bank has stated the amount stolen was about Rs 2.6 million (U.S. $19,422), international payment managers, including Visa, claim the stolen amount to be in the range of $6 million to $6.5 million, according to a news report in the Express Tribune. But BankIslami says the amount can't be that huge because it took the timely measure of disconnecting the switch which allows international payment transactions.
In a letter to the Pakistan Stock Exchange, the bank notes: "On the morning of October 27, 2018, certain abnormal transactions valuing Rs 2.6 million were detected by the bank on one of its international payment card scheme. The bank immediately took precautionary steps which ... included shutting its international payment scheme. All monies withdrawn from accounts, i.e. Rs 2.6 million, have been credited in the respective accounts."
Central Bank Action
Following the incident, the State Bank of Pakistan issued directives to all banks to take steps to ensure the security of all payment cards and monitor on a real-time basis the activity of their cards, especially overseas transactions. The central bank said it will continue to assess these developments in coordination with banks and take further measures, if required.
State Bank of Pakistan instructed all banks to:
- Make sure that security measures on all IT systems, including those related to card operations, are continuously updated;
- Deploy resources to ensure the 24/7 real-time monitoring of card operations-related systems and transactions;
- Immediately coordinate with all the payment schemes, switch operators and media service providers to identify any malicious activity or suspicious transactions.
The central bank further advised banks to immediately report any unusual incidents.
Earlier this year in Pakistan, Habib Bank Limited and Careem, the ride-hailing app, were targeted by cyberattacks that exposed large amounts of data.
Some security experts say the attack on BankIslami Pakistan seems similar to the attack on Cosmos Bank in Pune, India, where attackers siphoned off U.S. $13.4 million via ATMs.
"Though there is no confirmation on the modus operandi of the attack, I feel there is a malware infection on the ATM switch - a payment transfer engine that allows the ATM software to connect to interbank networks," says C.N. Shashidhar, founder, SecurIT Solutions.
Rakesh Goyal, a cybersecurity expert at Sysman Computers, notes: "In case of BankIslami, the ATM payment switch seems to be outdated. The card management system could have had vulnerabilities that allowed attackers to gain access."
The hackers seem to have taken control of the ATM switch and created a proxy switch using a man-in-the-middle attack, which pre-authorized the transactions, he says.
When debit card transactions take place, the ATM system connects to a switch, which, in turn, connects to a banking server. The switch is mutually authenticated with banking servers. Attackers could have deployed the malware attack on the switch, and then replicated it as a genuine switch and routed all transactions through the illegitimate or replicated switch, some security experts say.
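If a replicated switch approves transactions on its own, the payment scheme sees approvals that the banking server never issued. The following Python check is an added example, not taken from the article or from any bank's systems; it reconciles the two sides. The record fields, the trace-number match key, the "PK" home country and the threshold are assumptions, and the sample records are constructed.

```python
from collections import Counter

# Constructed sample data; field names are hypothetical, not a real switch log format.
# Approvals reported back by the payment scheme for the bank's cards.
SCHEME_APPROVALS = [
    {"stan": "000101", "card": "card-A", "amount": 5000, "country": "PK"},
    {"stan": "000102", "card": "card-B", "amount": 40000, "country": "BR"},
    {"stan": "000103", "card": "card-B", "amount": 40000, "country": "BR"},
    {"stan": "000104", "card": "card-C", "amount": 35000, "country": "US"},
    {"stan": "000105", "card": "card-D", "amount": 1200, "country": "US"},
]
# Authorizations the core banking server actually issued (same currency assumed).
HOST_AUTHS = [
    {"stan": "000101", "card": "card-A", "amount": 5000},
    {"stan": "000105", "card": "card-D", "amount": 1500},
]


def reconcile(scheme_approvals, host_auths):
    """Return approvals the host never issued, or issued for a different amount."""
    issued = {(h["stan"], h["card"]): h["amount"] for h in host_auths}
    findings = []
    for tx in scheme_approvals:
        key = (tx["stan"], tx["card"])  # assumed match key: trace number + card
        if key not in issued:
            findings.append({**tx, "reason": "no_host_authorization"})
        elif issued[key] != tx["amount"]:
            findings.append({**tx, "reason": "amount_mismatch"})
    return findings


def should_suspend_international(findings, home_country="PK", threshold=3):
    """Flag when enough unexplained approvals come from outside the home country."""
    foreign = Counter(f["country"] for f in findings if f["country"] != home_country)
    return sum(foreign.values()) >= threshold, dict(foreign)


if __name__ == "__main__":
    findings = reconcile(SCHEME_APPROVALS, HOST_AUTHS)
    for f in findings:
        print(f["stan"], f["card"], f["country"], f["reason"])
    print(should_suspend_international(findings))
```

Run continuously against both feeds, a check of this kind supports the real-time monitoring of overseas transactions that the central bank's directive calls for.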
But others are offering a different view.
"There is a clear breach of information at BankIslami's part and it is being speculated that a digital copy of BankIslami customers' credit card information was leaked to hackers," Pakistan Today reported. "The transactions mainly originated from Brazil and the US, [and] the bulk of the transactions can be traced back to point of sale at Target stores."
BankIslami must conduct a detailed risk analysis to confirm whether the attack resembles the Cosmos Bank attack, says Umaid Jililli, a cybersecurity researcher in Pakistan.
"If yes, then the cyber team of both the countries needs to coordinate," he says. "Pakistan is very nascent when it comes to cybersecurity. Our cybersecurity law has been developed only a couple of years ago."