Statistical Study on Cybersecurity Hazards and Financial System Vulnerabilities

Prabith GS, Amrita Vishwa Vidyapeetham, Amritapuri, Kerala, India.

ABSTRACT

This research paper studies the catastrophic impact of cybercrime on banking institutions, the cyber security measures attempted to curb its effect, and the development of a robust cyber security mechanism. In recent years banks have been its direct victims. In India, a number of banks fall prey to massive malware attacks, which not only leak valuable and sensitive information but also cause heavy financial losses. The objective of this study is to identify the business areas that are more susceptible to cyber-attacks and to ensure customization and development of cyber security protocols. The study involves secondary data analysis from various web resources such as government websites, articles, and research papers; it also includes a case study analysis of cyber threats and crimes that caused huge financial losses in the past. This paper provides insights into a cyber regime that will benefit banks, financial institutions, and society at large.

INTRODUCTION

The banking and financial services institution (BFSI) sector is a huge sector with a large number of customers spread across the earth. Banking is now available to almost everyone, irrespective of their community background. Nearly 1.2 billion adults have opened bank accounts since 2011, as per the Global Findex database 2017. A study conducted by a research institute says Indians have migrated to digital banking: about 51% of all Indians prefer online banking, and 26% of them access services via their bank websites and use mobile banking services. The digitalization of the banking sector has also increased the risk of cyber-attacks and crimes. The banking sector only accounts for 22% of the cyber-attacks that took place in India. Compared with the cyber attacks of the past decade, there has been a tremendous increase in cyber threats in this particular sector. This unprecedented growth in crime has not only caused serious damage to critical banking processes but has also caused huge financial loss to the system.

Billions of dollars are lost every year to cyber attacks, and the cost of combating these crimes amounts to USD 274 billion. The evolution of cyber threats in India began mainly in 1998, after the privatization of the banking industry, with virus attacks, followed in subsequent years by website hacking, malicious code, advanced worms and Trojans, identity theft (phishing), Denial of Service (DoS), and Distributed Denial of Service (DDoS), and nowadays by cyber espionage and cyber warfare.

Many cyber attacks have happened in India, such as the July 2016 phishing email attack on Union Bank of India involving the swindling of 171 million US dollars, and the May 2017 ransomware attack that caused several thousand computers to be locked down. India had 42 million cyber-crime victims, 52% of whom suffered financial or some other kind of loss due to hacking, scams, fraud, and theft. The major cyber security challenges are inherent weaknesses and vulnerabilities in the frameworks used by banks, the multitude of entry points on the web, and obsolete defensive technologies that are highly vulnerable to the advanced attack techniques used by attackers. However, basic cyber security precautions are taken by all financial institutions. With growing awareness of the rising threats to the cyber infrastructure of regulated entities, a good number of regulatory mechanisms and cyber security technologies have evolved during these years. Given the increased frequency and complexity of cyber security incidents, there is therefore a need to conduct an ongoing review of the cyber security landscape and emerging threats.

THE OBJECTIVE OF THE STUDY:

Hence the goal of this paper is to review the threats inherent in current and emerging technologies, concentrating on the adoption of systems to:

Conduct a continuous audit of the cyber protection landscape and emerging threats

Analyze the effect of cybercrimes on the financial sector

Study the emerging technologies that address the challenges posed by cyber threats

Suggest adoption of various security protocols/standards interfacing with stakeholders and suggest appropriate policy intervention

RESEARCH METHOD/METHODOLOGY

To carry out this study, existing information and data available through various sources were collected and analyzed on a comparative basis to arrive at logical findings and answers to the research question. The sources are mostly white papers, government documents, published academic papers, journals, print media, and findings of RBI, NCRB, NITI Aayog, and CERT-IN, as well as statistical data banks and historical records.

The scope of the research is the impact of cyber-attacks on the Indian banking system only. The focus is thereby narrowed to bank fraud cases in India, with the objective of standardizing the points in the banking process that are more prone to attack and identifying the types of cyber-attacks that banks are likely to encounter every day.

EVOLUTION OF CYBER THREATS

In 1970, the world experienced its first “cyber attack”. What started as a harmless joke paved the way for a new wave of criminality: cybercrime. Since then, attacks have become more sophisticated with the use of malware, ransomware, and phishing attacks, among many others. In fact, according to Security Magazine, today’s hackers attack computers with Internet access every 39 seconds on average. The evolution of cyber-attacks started with a simple computer virus during the 1980s. Viruses are self-replicating computer programs that modify other computer programs by inserting their own code to infect the system. In the late 1990s, website hacking evolved as a threat to systems, with some applied research. During 2004, malicious code resurfaced as an attack, an application security problem that could not be controlled with conventional antivirus alone.

Types of Cyber Attacks:

From the large array of data collected from the available resources and the analysis of that data, it is understood that Indian banking systems are mostly affected by certain types of cybercrime. According to the Verizon 2017 data breach investigation report, which surveyed several banking organizations, more than 50% of the organizations were affected by the following five major cyber threats: denial of service (DoS), phishing, malware, spear-phishing, and ransomware. Among the incidents reported, the top 3 patterns of cyber-attack, namely denial of service (DoS), web application attacks, and payment card skimming, account for more than 88% of all security incidents.

Phishing:

Phishing is a cyber crime that leverages deceptive emails, websites, and text messages to steal confidential personal and corporate information. Victims are tricked into giving up personal information such as their credit card data, phone number, mailing address, company information, etc. This information is then used by criminals to steal the victim’s identity and commit further crimes using this stolen identity.

Identity theft:

Identity theft, also called identity fraud, is a crime that is committed in huge numbers nowadays. Using the identity of another person for personal profit is termed identity theft. This theft is committed in many ways, for example by gathering personal information, such as another person's transactional information, in order to make transactions.

Virus and Trojans:

A virus is malicious executable code attached to another executable file; it can be harmless or can modify or delete data. A Trojan horse is a form of malware that captures important information about a computer system or a computer network.

Vishing:

Vishing is short for “voice phishing,” which involves defrauding people over the phone, enticing them to divulge sensitive information. In this definition of vishing, the attacker attempts to grab the victim’s data and use it for their own benefit—typically, to gain a financial advantage.

Cross-site scripting:

Cross-site scripting (XSS) usually targets web applications. It enables attackers to inject client-side scripts into web pages viewed by users, and attackers use it to bypass access controls.

Insider threat:

An insider threat is a malicious threat that comes from inside an organization, from its own people and employees, and exposes the system to attackers.

Botnet:

A botnet attack is a form of cyberattack that happens when a group of internet-connected devices is infected by malware that is under control by a malicious hacker. Botnet attacks typically involve sending spam, data theft, exploiting sensitive information, or launching vicious DDoS attacks.

ATM/Debit/Credit card frauds:

Debit, credit, or ATM card fraud is a type of banking crime that occurs when unauthorized access is made to your account or unauthorized transactions have been made through your card.

DOS and DDOS:

A denial-of-service (DoS) attack floods a server with traffic, making a website or resource unavailable. A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.

Ransomware:

Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data and important files and then demands a payment to unlock and decrypt the data.

STATISTICS AND ANALYSIS

So, the question is: why are banks so vulnerable to cyber-attacks? The major motive seems to be money, which drives attackers to do anything. Besides that, the market size of the Indian banking system is huge and growing day by day. With the proliferation of digital banking systems and financial inclusion schemes in India, huge numbers of online as well as offline users are now transacting through various modes such as net banking, mobile banking, mobile wallets, credit/debit cards, etc.

In the past, there have been many cyber-attacks on the Indian banking system attempting to steal or cause loss of money, imposing huge financial, reputational, and operational impacts and loss of money, client base, and personal data. As per RBI data, the number of cases related to ATM/credit/debit card and online banking fraud was 13,083 and 11,997 during 2014-15 and 2015-16 respectively. Apart from that, 44,697 and 49,455 cyber security cases related to phishing, malicious code, denial of service, website hacking, etc. were reported in 2015 and 2016 respectively, as per the information tracked by CERT-In (Buletin, 2020). The number of such cases in India has increased since then. Some of the previous cyber-attacks on the Indian banking system have caused huge financial losses and put the banks at great risk with their existing customers. Among the largest cyber-attacks in Indian history are the phishing attack on Union Bank of India in 2017, an attempted theft of $170m; a malware attack on the switching system of Cosmos Bank, Pune, in August 2018, with the theft of 94 crore rupees; a phishing attack on UTI Bank on 14 February 2007; SIM card swap fraud cases causing a loss of 4 crores and of a large number of customers; ATM system hacking in Kolkata with a loss of 20 lakh rupees; other website hacking cases; and a racket involving online fraud worth Rs 12.5 lakh that was busted by Rourkela police. This paper contains case study data on two of the above-noted cyber-attacks in order to analyze the loopholes in the system, and shares findings on the best preventive measures to protect the system from such attacks in the future.

Case of cyber-attack on UBI 2017:

A cyber attack on Union Bank of India began after an employee opened an email attachment releasing malware that allowed hackers to steal the state-run bank’s data. The opening of the email attachment, which looked like it had come from India’s central bank, initiated the malware that hackers used to steal Union Bank’s access codes for the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a system that lenders use for international transactions. The codes were used to send transfer instructions for about $170 million to a Union Bank account at Citigroup Inc in New York. Union Bank had traced the money trail and blocked the movement of funds. SWIFT late last year said that some banks using its system had been attacked after the Bangladesh heist, the Journal said but did not specifically name Union Bank of India. The attempt closely resembled the cyber theft last year of more than $81 million from the Bangladesh central bank’s account at the New York Federal Reserve, the paper reported.

Malicious attack on Cosmos Bank of Pune

The next case study is the malicious attack on Cosmos Bank of Pune on August 11 and 13, 2018, which is one of the best examples of a malware attack. In this case, the bank’s internal and ATM infrastructure were compromised. The crime involved multiple malicious central code attacks on the bank’s switching system between the central and core banking systems. Basically, the code generated false payment transfer requests in response to transaction requests by customers. After making false adjustments to targeted customers’ account balances, sending false standing -, an activity that authorized ATM withdrawal of a large amount of money using 450 cloned non-EMV debit cards from various countries. The attackers compromised the bank’s ATM/POS switching system by sending malicious code into the system, which in turn prevented verification of any transaction requested by users at a POS/ATM machine. When a withdrawal takes place, a transaction request (TRQ) is sent to the bank’s core banking system to verify and validate the user account, and upon successful validation a transaction reply message confirming it is sent back to the customer. In this case, the malicious code was used to send fake transaction reply messages to every transaction request at the ATM/POS. The attackers thus tampered with the bank’s switching system so that transaction requests did not reach the bank’s core banking system for validation of the amount, and in this way the attack on Cosmos Bank helped siphon off 84 crores of rupees in 2 waves of huge transactions, in an advanced and well-planned manner that broke through layers of defense in the banking system. Further studies found that the cybercriminals had researched Cosmos Bank’s banking infrastructure and background surveillance system extensively. The bank’s officers may have ignored all alerts produced by the system for unknown reasons. Periodic auditing of bank-generated reports should not have been ignored either.

Every government in the world, including our own, is concerned about cyber security. India in particular faces a rising number of cyber security issues, and it is critical that it accepts responsibility for them. According to a recent Economic Times analysis on global cybercrime, cyber-attacks cost the government nearly Rs. 1.25 lakh crore every year. Research by Kaspersky highlights that the number of cyberattacks in India increased from 1.3 million to 3.3 million during the first quarter of 2020. India recorded the largest number of attacks, 4.5 million, in July 2020. Recently, the Reserve Bank of India (RBI) imposed restrictions on MasterCard for failing to comply with its direction on storing payment system data. The hazards posed by the internet are nearly limitless, and the most effective way to resist them is to implement a cyber security policy. The government must devote significant resources to safeguarding key data assets. The country’s cyber law has to be updated to integrate legal rules and address the issues posed by rapidly developing technologies.

In countries like India, where the internet is used very extensively, cyber laws become extremely crucial. Stringent cyber laws serve to supervise the digital circulation of information, software, information security, e-commerce, and monetary transactions. By providing maximum connectivity and minimizing cybersecurity concerns, India’s cyber laws have cleared the path for electronic commerce and electronic government in the country and also broadened the scope and application of digital media. There are four predominant laws to cover when it comes to cybersecurity:

Information Technology Act, 2000: The ITA, enacted by the Parliament of India, highlights the grievous punishments and penalties safeguarding the e-governance, e-banking, and e-commerce sectors. Now, the scope of ITA has been enhanced to encompass all the latest communication devices.

Indian Penal Code (IPC) 1980: Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC), 1860 - invoked along with the Information Technology Act of 2000.

Companies Act of 2013: The Companies Act 2013 vested powers in the hands of the SFIO (Serious Frauds Investigation Office) to prosecute Indian companies and their directors. Also, post the notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, SFIOs have become even more proactive and stern in this regard.

NIST Compliance: The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards and Technology (NIST), offers a harmonized approach to cybersecurity as the most reliable global certifying body.

RESULTS AND FINDINGS

Major crimes in the Indian banking sector are caused by phishing, identity theft, and malware. Even a big crime can result from small mistakes and a lack of awareness of cyber security policies. Anything suspicious should be handled carefully, and the concerned authorities should be informed before acting.

Systems should be audited at fixed intervals to test for any security breach. Public sector banks should focus more on enhancing security through public-private partnerships and allocate more budget to data protection and security framework enhancement. The connectivity of the ATM/POS switching system with the core banking system should be continuously monitored, along with ATM/POS transaction monitoring. A constant network packet should be sent and received as an acknowledgment signal to validate connectivity.
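The switch-to-core monitoring recommended here can be run as a reconciliation job: every approval the ATM/POS switch returns to a terminal must correspond to an authorization the core banking system actually issued, which is exactly what the fake replies in the Cosmos Bank case lacked. The sketch below is an added example, not code from the paper or from any bank; the record fields, the 120-second matching window, the 5-minute silence check and the sample records are all assumptions constructed for illustration.

```python
"""Reconcile ATM/POS switch approvals against core banking authorizations.

Added illustration: record fields, thresholds and sample data are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Record:
    ts: datetime
    stan: str            # trace number linking a request to its reply
    card: str            # masked card number
    amount: int          # rupees
    approved: bool = True


def find_unbacked_approvals(switch_replies, core_auths, window=timedelta(seconds=120)):
    """Return switch approvals that the core banking system never authorized.

    An approval is backed only if the core logged an approved authorization
    with the same trace number, card and amount within `window` of the reply.
    """
    index = {}
    for a in core_auths:
        if a.approved:
            index.setdefault((a.stan, a.card, a.amount), []).append(a.ts)
    unbacked = []
    for r in switch_replies:
        if not r.approved:
            continue
        stamps = index.get((r.stan, r.card, r.amount), [])
        if not any(abs(r.ts - t) <= window for t in stamps):
            unbacked.append(r)
    return unbacked


def core_link_silent(switch_replies, core_auths, now, lookback=timedelta(minutes=5)):
    """True when the switch keeps approving while the core sees no requests."""
    since = now - lookback
    approvals = sum(1 for r in switch_replies if r.approved and since <= r.ts <= now)
    core_seen = sum(1 for a in core_auths if since <= a.ts <= now)
    return approvals > 0 and core_seen == 0


# Constructed sample logs (not real incident data).
T0 = datetime(2024, 1, 1, 15, 0, 0)
CORE_LOG = [
    Record(T0, "000101", "4xxxxxxxxxxx1111", 5000),
    Record(T0 + timedelta(seconds=40), "000102", "4xxxxxxxxxxx2222", 2000, approved=False),
]
SWITCH_LOG = [
    Record(T0 + timedelta(seconds=1), "000101", "4xxxxxxxxxxx1111", 5000),    # backed
    Record(T0 + timedelta(seconds=41), "000102", "4xxxxxxxxxxx2222", 2000),   # core declined
    Record(T0 + timedelta(minutes=10), "000103", "4xxxxxxxxxxx3333", 100000), # never reached core
    Record(T0 + timedelta(minutes=10, seconds=5), "000104", "4xxxxxxxxxxx3333", 100000),
]

if __name__ == "__main__":
    for r in find_unbacked_approvals(SWITCH_LOG, CORE_LOG):
        print("ALERT unbacked approval", r.stan, r.card, r.amount)
    silent = core_link_silent(SWITCH_LOG, CORE_LOG, T0 + timedelta(minutes=11))
    print("core link silent while switch approves:", silent)
```

The reconciliation only has value if the two logs are collected independently, so that a compromised switch cannot also rewrite the core-side record.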

SAFETY MECHANISM / SOLUTION

The major responsibility for maintaining a secure Internet banking experience lies with the customer: the customer has to update the browser, choose the appropriate browser, update the antivirus, choose the appropriate antivirus, be aware of phishing attacks, be aware of malware, remember to update the password every six months, choose a complex password, etc. In this paper, we propose a novel model that shifts some of these responsibilities to the banks. Banks have state-of-the-art information technology operations and centers. By investing a bit more, the banks can take some of the responsibilities away from the customer and reduce the risk of security threats, thereby offering a fairly secure environment for their customers. The proposed model highlights some of the practices that are to be divided between Internet banking users and the bank’s information technology security policies. It bridges the gap between the users and the bank. The model states that banks can enforce their security policies to ensure a safer banking experience for users. On the other hand, users should follow the instructions provided by the bank to ensure a safe Internet banking experience.

Internet banking users should change passwords every three months; however, the bank is responsible for ensuring that this happens by expiring the user’s password every three months and forcing the user to choose a new one. Users should keep in mind while choosing a password that it should not be easy to guess; however, it is the bank’s responsibility to accept only passwords that have capital and small letters, numbers, and a special character. Any password that does not have these features will not be accepted. The bank should also enforce that the user does not reuse the previous 2 passwords. Using a virtual keyboard to safeguard sensitive information such as passwords or debit card details is a responsibility added to the bank side. The bank can make users use a virtual keyboard by disabling direct typing into the sensitive field so that input comes from the virtual keyboard provided on the webpage, because there is a chance that the user’s device is infected by malware or a keylogger program that detects keystrokes and can compromise password security.
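The bank-side password rules described above (three-month expiry, the four character classes, no reuse of the previous 2 passwords) can be enforced in one place on the server. The following is an added example, not code from the paper; the class and function names are hypothetical, and storing the history as salted PBKDF2 hashes is an assumption of this sketch, since the paper does not say how old passwords are kept.

```python
"""Server-side password policy: complexity, 90-day expiry, no reuse of last two.

Added illustration; names and the PBKDF2 storage choice are assumptions.
"""
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)   # "every three months"
HISTORY_DEPTH = 2              # previous passwords that may not be reused
PBKDF2_ROUNDS = 600_000


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def complexity_errors(password):
    """List every character-class rule the candidate password breaks."""
    checks = [
        (any(c.isupper() for c in password), "needs a capital letter"),
        (any(c.islower() for c in password), "needs a small letter"),
        (any(c.isdigit() for c in password), "needs a number"),
        (any(c in string.punctuation for c in password), "needs a special character"),
    ]
    return [msg for ok, msg in checks if not ok]


class Credential:
    """One user's current password plus hashes of the previous two."""

    def __init__(self, password, now):
        errors = complexity_errors(password)
        if errors:
            raise ValueError("; ".join(errors))
        self.history = []          # (salt, digest) pairs, newest first
        self.changed_at = now
        self._store(password)

    def _store(self, password):
        salt = os.urandom(16)
        self.history.insert(0, (salt, _hash(password, salt)))
        del self.history[HISTORY_DEPTH + 1:]   # keep current + previous 2

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(_hash(password, salt), digest)

    def verify(self, password, now):
        """Return 'ok', 'expired' (correct, but a change is forced) or 'denied'."""
        if not self._matches(password, self.history[0]):
            return "denied"
        return "expired" if now - self.changed_at >= MAX_AGE else "ok"

    def change(self, new_password, now):
        """Apply the policy; return a list of violations (empty on success)."""
        errors = complexity_errors(new_password)
        if any(self._matches(new_password, e) for e in self.history):
            errors.append("matches the current or one of the previous 2 passwords")
        if errors:
            return errors
        self._store(new_password)
        self.changed_at = now
        return []


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)                      # constructed sample timeline
    cred = Credential("Winter#2024a", t0)
    print(cred.verify("Winter#2024a", t0 + timedelta(days=91)))   # expired
    print(cred.change("winter", t0 + timedelta(days=91)))         # violations
```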

Banks should use the concept of the trusted device to ensure the identity of users at login. If the user has logged in from an untrusted device, the bank system should send an SMS alert to confirm that it was the intended user. Education of users is a key component of ensuring a safe Internet banking experience. The bank can show security warnings on its web pages after the user has successfully logged in, to familiarize users with the threats that Internet banking is exposed to. Banks should use artificial intelligence or machine learning software that can make judgments on user behavior, for example transferring a large amount of cash to a destination that is not within the monthly pattern of the user. This software can be used to monitor all electronic transactions, including credit card transactions; it will be able to detect that the user has made a purchase outside the customer’s pattern, and it will alert and, in extreme cases, disable the credit card or e-banking account until the customer’s identity is verified. The machine learning or artificial intelligence should predict this anomaly and take appropriate action. Information security is a critical part of the Internet banking process. Therefore, banks can improve the security features on their side by securing their servers and the communication between the user and the Internet banking server. In order to ensure the security of the user’s data, some security features that each bank should incorporate are listed below:

SSL Certification: An SSL certificate is a digital certificate installed on your web server that provides security for online communications. When a web browser contacts your secured website, the SSL certificate enables an encrypted connection. It’s kind of like sealing a letter in an envelope before sending it through the mail.

Device registration: The user’s access device will be registered, and after verification only that device will be able to access the online banking system.

System-based alarms: Set up different server-based alarms to monitor and control bank transactions and access to user accounts.

MFA: Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

SNS: Simple notification is enabled for the internet banking service, which will send mobile SMS and email notifications based on the enabled system-based alarms.

Data Encryptions: Encryption is enabled for all data stored on the server by using encryption tools such as BitLocker.

User access permission: Based on the requirements, administration users need to be created and granted only the minimum required access to particular services.

The private key with password: To make access to the internet banking infrastructure more secure, private keys with passwords need to be used.
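The trusted-device check and the spending-pattern check proposed earlier in this section can be combined into a single decision made before a transfer is released. The sketch below is an added example, not code from the paper: it replaces the AI/machine-learning component with a simple robust statistic (median and median absolute deviation of the customer's own past transfers), and the threshold, profile layout, action names and sample history are assumptions constructed for illustration.

```python
"""Step-up decision from device trust and the customer's own transfer pattern.

Added illustration; thresholds, names and the sample profile are assumptions.
"""
from statistics import median


def robust_score(amount, history):
    """Distance of `amount` above the customer's median, in scaled-MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Fall back to 10% of the median when every past amount is identical.
    scale = 1.4826 * mad or max(med * 0.1, 1.0)
    return (amount - med) / scale


def decide(amount, payee, device_id, profile, threshold=6.0, min_history=5):
    """Return (action, reasons) for one transfer request.

    action is 'allow', 'sms_confirm' (alert the customer and ask for
    confirmation) or 'hold_until_verified' (block until identity is verified).
    """
    reasons = []
    if device_id not in profile["trusted_devices"]:
        reasons.append("untrusted_device")
    history = profile["amounts"]
    if len(history) < min_history:
        reasons.append("insufficient_history")
    elif robust_score(amount, history) > threshold:
        reasons.append("amount_outside_pattern")
    if payee not in profile["known_payees"]:
        reasons.append("new_payee")

    # An out-of-pattern amount combined with any other signal is the
    # "extreme case": hold the transfer until the customer is verified.
    if "amount_outside_pattern" in reasons and len(reasons) >= 2:
        return "hold_until_verified", reasons
    if reasons:
        return "sms_confirm", reasons
    return "allow", reasons


# Constructed sample profile: one customer's recent transfers in rupees.
PROFILE = {
    "trusted_devices": {"dev-A"},
    "known_payees": {"ACME-RENT", "CITY-POWER"},
    "amounts": [1200, 1500, 900, 2000, 1100, 1800, 1300],
}

if __name__ == "__main__":
    requests = [
        (1500, "ACME-RENT", "dev-A"),
        (1500, "ACME-RENT", "dev-X"),
        (250000, "UNKNOWN-PAYEE", "dev-A"),
    ]
    for amount, payee, device in requests:
        print(amount, payee, device, "->", decide(amount, payee, device, PROFILE))
```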

Malware analysis of malware that attacked the financial sector

Agent Tesla

Agent Tesla is an extremely popular spyware Trojan written for the .NET framework. It has been observed since 2014, with many iterations since then. It is used to steal sensitive information from a victim’s device, such as user credentials, keystrokes, clipboard data, credentials from browsers, and other information.


https://blog.prabithgupta.com/posts/statistical_study_on_cybersecurity_hazards_and_financial_system_vulnerabilities/
Published at
2022-06-22