With the use of malware in ATM thefts seeing a considerable increase over the years, banks need to implement additional controls, including segregation of network and monitoring of suspicious traffic, and periodic threat hunting within their network, according to the RBI’s IT subsidiary Reserve Bank Information Technology Pvt Ltd (ReBIT).

This observation comes in the backdrop of the Lazarus Group, a cryptocurrency hacking group known for affiliations with the North Korean government, developing a new strain of malware to record and steal data from cards inserted into ATM machines in India.

The banking malware – ATMDTrack – has been active in India since last summer, according to a published report by Kaspersky Lab researchers, ReBIT said in its report.

One of the factors contributing to the proliferation of thefts, as per the report, is the lack of adequate security controls for the ATMs and for the organisation's overall network. Organisations need to adopt a defence-in-depth approach to protect themselves against such thefts.

Apart from implementing security solutions such as anti-malware and following processes such as hardening and patch management, organisations should implement additional controls such as: segregation of the network and monitoring of suspicious traffic on it; training and awareness of the employees; and integration of threat intelligence into security mechanisms.

ReBIT has also suggested periodic threat hunting within an organisation's network; sandbox-based detection mechanisms; and comprehensive cyber drills, including communication with vendors, card networks and other critical infrastructure dependencies to mitigate the risks of ATM thefts.

Adopting such an approach would not only enable an organisation to prevent or reduce such thefts but also help respond in a more planned and effective way, it added. As at August-end 2019, there were 2,28,170 ATMs across the country.

JokerStash expose

Recently, the Cyber Security and Information Technology Examination (CSITE) Cell of the RBI’s Department of Banking Supervision issued an advisory asking banks to take necessary action to secure their customers’ card data after it came to light that information on a large number of credit/debit cards, including ‘Track2 details’, was available on the website ‘JokerStash’. About 1.3 million Indian payment cards were reportedly put up for sale on JokerStash.

CSITE asked banks to perform a preliminary analysis of the disclosed card information to verify the data. If the leaked data is found to be genuine, CSITE told banks to disable and re-issue the credit and debit cards as per the bank’s policy.

Banks have been advised to monitor credit/debit transactions for the detection of fraud and misuse. Further, customers need to be sensitised to use credit/debit cards in a secure manner in all modes of transactions – online, point of sale, etc.

CSITE has advised banks to take necessary proactive measures to identify and guard against such misuse of customer credentials.
