Malware Attacks Unleash Chaos Across Banking Systems; SBI Blocks 6 Lakh Debit Cards; Axis Bank Hires EY To Assess Damage

Hackers have unleashed a war on Indian Banks, and there is chaos all around. The worst thing is that banks have been caught unaware, as their security has been breached since past few weeks, and no one actually knows the extent of damage.

SBI, Axis Bank, Yes Bank and others have started damage control exercise; but only time will tell how much successful hackers have been in breaching security of our banks.

SBI Blocks 6 Lakh Debit Cards

India’s largest public sector bank, SBI, which has issued around 20.27 debit cards till July, 2016, has accidentally discovered that a malware from a non-SBI ATM network has entered their servers. This security breach occurred quite a some time back, and bank officials were caught unaware.

Although SBI was not directly responsible for this malware, the very fact that their servers have been affected puts crores of bank account holders at risk.

Shiv Kumar Bhasin, SBI’s chief technology officer (CTO) confirmed this development, as he said, “It’s a security breach, but not in our banks’ systems. Many other banks also have this breach — right now and since a long time,”

In a desperate attempt to control the damage, SBI has blocked more than 6 lakh debit cards, and are now issuing fresh cards for these customers.

Interestingly, other banks’ whose ATM network has been infected hasn’t come out of the closet, and most probably, they are not even aware of this malware.

Bhasin said, “Banks whose ATMs have been infected must come forward and declare those infected ATMs. The onus is on them to stop this..”. Unless banks admit the breach, and conduct mass scale operations to contain the breach, anyone who uses such infected ATMs will involuntarily get the malware, and then pass on to other ATMs.

Asking the public not to panic, SBI has asked all customers whose cards have been blocked to communicate with them for issuing new cards. He further said, “Customers need not panic. They can either approach their branch, call up phone banking or use the internet for ‘re-carding’. They can also set their PINs from their homes using internet banking,”

Axis Bank’s Servers Hacked; EY Hired To Access Damage

Meanwhile, Axis Bank was also caught unaware about a malware entering their servers, and unleashing havoc, the extent of which is still unknown.

When an official from Kaspersky Labs called Axis Bank and informed them about the intrusion of a malware, only then they found out the facts. It’s really strange how such big banks ignore security warnings, and fail to monitor their own servers.

No one knows how much damage has been done due to unauthorized logins, and due to the malware in their servers.

Axis Bank has already informed RBI about this hack, and damage control exercise is currently underway. They have hired EY as security and audit consultants to understand the extent of damage.

A statement from Axis Bank said, “Safety and security of our systems and processes is of paramount importance to us and we constantly monitor and are vigilant in our efforts to combat any potential threats. We would like to state that there has been no monetary loss.”

There are various possibilities of such daring hacks performed on Axis Bank’s servers – funds can be transferred into another accounts, sensitive details related to customers can be accessed and compromised, and even ATM networks can be hacked.

Interestingly, last month, Hitachi Payments, which manages Yes Bank’s ATM network conducted a wide-scale security audit of all ATMs belonging to Yes Bank via certified security agency SISA.

The bank said, “Preliminary reports of the audit conducted have been submitted… and the report does not establish any system-level breach at Hitachi Payment Services,”

We are still not able to connect the dots, and understand whether these three hacks are interrelated or standalone incidents.

We will keep you updated as more details come in..