A CASE STUDY ON CYBER SECURITY THREAT TO COSMOS BANK

ABSTRACT:

The practice of safeguarding computers, servers, mobile devices, electronic systems,

networks, and data from attacks that are malicious is known as cyber security. It is

also referred to as information technology security or electronic information security.

Risk management, data integrity, security knowledge training, and risk analysis are all

components of financial cybersecurity. Data security also includes the protection of

sensitive material. Cybersecurity threats are continuously evolving, and the banking

industry must take precautions to stay safe. When new defenses threaten more recent

attacks, hackers adapt by creating tools and strategies to compromise security.

Cyber-security encounters three types of threats they are Cybercrime, cyber-attacks,

and cyberterrorism. In recent years banking industries rely on online banking, both

mobile and web services have weak security systems, making cyber security threats

more prevalent. The roll-out of COVID led to the banking sector's digitalization. Both

the front-end and back-end processes are now digital. With all of this evolving

technology, cyber-attacks are on the rise, and attackers are actively seeking victims for

malicious cyber-attacks on banking and financial systems' private data. Generally,

cybercriminals prefer to target the banking sector to obtain customer and staff

information details, which they then use to steal bank data and money. This research

paper in particular aims to study the cyber security threat received by “Cosmos bank”

which became the victim of a major cyber malware attack on August,2018. The aim
of this research is to study the intense malware attack, the overall effect on the bank

due to the attack and to suggest ways to secure cyber security threats to banking

industries.

Keywords: cyber-security, cyber-security threats, banking sector, cosmos bank,

malware attack

INTRODUCTION

With an increasing number of users, devices, and programmes in the contemporary

enterprise, as well as an increased deluge of data, much of which is sensitive or

confidential, the significance of cybersecurity is growing. The increasing volume and

sophistication of cyber attackers and attack techniques exacerbates the issue.

CYBER SPACE

Along with the rapid development and wide application of information technology,

human society has entered the information era. In this era, people live and work in

cyberspace. Cyberspace is the collection of all information systems; it is the

information environment for human survival.

CYBER SECURITY

The term "cyber security" covers all facets of safeguarding a company's assets,

individuals, and operations from cyber risks. A variety of cyber security solutions are

needed to reduce business cyber risk as cyberattacks become more frequent and

sophisticated and corporate networks become more complicated.

The cybersecurity risk in financial sector has transformed the paradigm of banking

operations over a number of decades as it has the potential to interrupt banking

operations and result in massive direct and indirect losses. The rapid adoption of

online services and operations has made banks and other institutions vulnerable to

more security threats. The development of cyber technology over the past few decades

has altered how the global financial industry operates because most institutions now

provide services and carry out business in a virtual setting that is susceptible to

security risks like malware, phishing, internal and external system abuse and

cyberattacks. Institutions frequentlystruggle to provide an adequate collection of

resources, technologies, training, and best practises to safeguard networks and data

from illegal access, which creates cybersecurity risk. As the financial sector globally

relies more on cyber technology for its operations and services, banks and financial

institutions are more exposed to the systematic risk of technology that cannot be

removed. It occurs because a single breach in a banking network could shake off the

entire financial system and bring disastrous aftermath as all banks and financial

institutions are interconnected. Financial institutions must have the budgetary

resources to procure the essential technology to sustain the cyber infrastructure’s

resistance to cyber threats.

It is not easy to find the optimal investment in the cyber security infrastructure that

can restrain the growth of cybercrimes, as no system is 100% secure from

cyberattacks. Breach of cyber security system is unavoidable as some unknown

system flaws always exist, regardless of how advanced the technology is. The effects
of a cyber-breach and malicious activities may reach far away from the measurable

direct financial losses due to direct and indirect costs for the loss of customer’s

confidence, aftermath of cybercrime, costs associated with the loss of confidential

business information and intellectual property, and loss of reputational damage of the

hacked institution.

CYBER SECURITY IN INDIA

With initiatives like “Made in India” and “Digital India” having a beneficial impact on

the economy overall, India is making quick progress towards its digital goals. Yet,

because of its reliance on linked networks and systems, cyber security IS a problem.

India is one of the most often attacked nations online, therefore securing vital assets

depends on its cyber resiliency.

In the year 2020, CERT- In handled 1,158,208 incidents which included Website

Intrusion and Malware, Propagation, Malicious Code, Phishing, Distributed denial of

service attacks, website defacements, Unauthorized network Scanning/Probing

activities, Ransomware attacks, Data breach and vulnerable services. With continuous

th
efforts at improvement, India has moved up 37 places to be ranked 10 in the Global

Cyber security Index 2020(GCI), according to a report by the international

telecommunication Union (ITU). In May 2022, CERT -In mandated compulsory

reporting of all Cyber-attacks by government and other entities within six hours.

India has implemented a number of statutory and administrative measures to

strengthen its cyber defence and successfully combat cybercrime. There are two

legislations: the Information Technology Act 2000, provides the legal framework for
addressing cybercrimes and cyberattacks. Criminal countermeasures include the use

of this act along with the Indian Penal Code.

COSMOS BANK CASE SUMMARY

In one of the largest cyberattacks on an Indian bank, Cosmos Bank, a major

cooperative bank in Pune, India, became the victim of a sophisticated financial

cybercrime. On August 11, 2018, a coordinated cyber attack led to the unauthorized

cloning of several debit cards, which were then used for thousands of ATM

withdrawals. The attack spanned seven hours and involved multiple locations, with

the fraudsters using the bank’s ATM network across 28 countries, as well as locations

within India. Over the course of the attack, more than 12,000 ATM withdrawals were

made outside India, totaling approximately Rs. 78 crore. In addition, another 2,800

transactions were performed within India, amounting to Rs. 2.5 crore.

The attackers were able to exploit vulnerabilities in Cosmos Bank’s systems to clone

both Visa and RuPay cards. Visa cards were primarily used for transactions abroad,

while RuPay cards were used for withdrawals within India. This wide-reaching attack

exposed critical weaknesses in the bank’s cyber security infrastructure, allowing the

fraudsters to bypass security systems and execute massive financial fraud.

The criminal activity did not end with the ATM withdrawals. On August 13, 2018, a

further Rs. 13.92 crore was transferred to a Hong Kong-based firm using the SWIFT

(Society for Worldwide Interbank Financial Telecommunication) network, which

facilitates secure financial messaging. This added another layer of complexity to the
attack, as it involved international money transfers, making it difficult for authorities

to track and recover the funds.

The total embezzled amount in the attack reached an astronomical Rs. 94 crore. An

investigation was launched by the Pune City Police, and the case was reported to the

Chaturshringi police station under multiple sections of the Indian Penal Code,

including sections 120B (criminal conspiracy), 420 (cheating), 467 (forgery), 468

(forgery for purpose of cheating), 469 (forgery for purpose of harming reputation),

471 (using forged documents), and 34 (common intention). Additionally, the case was

examined under the relevant provisions of the Information Technology Act.

As the investigation progressed, the special investigation team (SIT) compiled a

1,700-page chargesheet, naming nine suspects in December 2018. Two more charge

sheets followed, adding nine additional defendants to the list. Thus far, 18 individuals

have been arrested in connection with the case, and significant progress has been

made in recovering stolen funds. The Pune City Police, in collaboration with Cosmos

Bank, successfully managed to recover Rs. 5.72 crore that had been transferred to the

Hong Kong bank account by the fraudsters.

This case highlights the growing risks faced by financial institutions from cyber

threats and underscores the need for robust security measures to prevent such

large-scale attacks in the future.

This study aims at understanding the emerging cyber space and security to the

financial sector especially in the banking sector in India. Since the whole of the

banking sector is developing with the help of AI (Artificial Intelligence), it is

important to protect it against various cyber security threats that it may face. This

research study understands the extent of a cyber-attack with the help of the case of

“Cosmos bank” malware attack. The severance of the attack and the aftereffects are

analyzed under this case study. It also suggests ways to control, protect against and

overcome cyber security threats to the banking sector.

REVIEW OF LITERATURE:

​ 1.​ Kutub Thakur, et al., “An Investigation on Cyber Security Threats and

Security Models,” IEEE 2nd International Conference on Cyber Security and Cloud

Computing, New York, USA, pp. 307-311, doi: 10.1109 (2015): This paper explores various

cyber security models and their frameworks, highlighting the limitations of existing

solutions. It provides an in-depth review of past techniques used to address cyber security

threats, with a focus on their effectiveness in mitigating risks in different sectors. The authors

emphasize the need for improved strategies to counter evolving cyber threats and the

continuous advancement of security models to match the increasing complexity of cyber

attacks.

​ 2.​ Diptiben Ghelani, et al., “Cyber Security Threats, Vulnerabilities and Security

Solutions Models in Banking,” American Journal of Computer Science and Technology, Vol.

x, No. x, doi: 10.11648 (2022): This study addresses the growing cyber security threats
within the banking sector and proposes potential solutions. The paper suggests that Smart

Online Banking Systems (SOBS) should integrate biometric authentication methods to

strengthen security and reduce the vulnerability to cyber attacks. By using biometric data,

such as fingerprints, the risk of unauthorized access can be significantly minimized, offering

a more robust defense against intruders seeking to exploit digital banking platforms.

​ 3.​ Md. Hamid Uddin, et al., “Cyber Security Hazards and Financial System

Vulnerability: A Synthesis of Literature,” Risk Management 22, 239-309, doi: 10.1057

(2020): This paper presents a comprehensive review of the increasing cyber security risks

that threaten the financial system. It synthesizes existing literature to explore the pervasive

nature of cyber threats in the financial sector, highlighting the vulnerabilities that make

financial institutions attractive targets for hackers. The authors propose five potential

research avenues to further investigate the dynamic relationship between cyber security risks

and the vulnerability of financial systems, encouraging future studies to focus on these

critical areas.

​ 4.​ Derek Mohammed, “Cyber Security Compliance in the Financial Sector,”

Journal of Internet Banking and Commerce, ISSN: 1204-5357, 1st April (2015): This paper

examines the impact of increasing compliance requirements in the financial sector,

particularly in relation to cyber security. It contrasts the challenges faced by financial

institutions in adhering to stringent security regulations while also discussing the benefits of

compliance. The paper reviews the similarities and differences between various regulatory

environments across financial sectors and emphasizes the need for a balanced approach to

ensure both compliance and robust security against emerging cyber threats.

​ 5.​ H.M. Alzoubi, et al., “Cyber Security Threats on Digital Banking,” 2022

International Conference on AI in Cyber Security (ICAIC), TX, USA, pp. 1-4, doi: 10.1109
(2022): This paper highlights the rising threats to digital banking and emphasizes the

importance of multi-layered security systems to combat cyber attacks. The authors propose

the use of multiple verification and authentication processes, along with advanced data

encryption techniques, to safeguard digital banking platforms. Such measures can help

prevent unauthorized access and ensure the safety of sensitive financial data in an

increasingly digital world.

STATEMENT OF PROBLEM:

When it comes to digital banking privacy and protection of the customers data

becomes a top priority. But with the emergence of cyber space though it comes with

benefits, it has become difficult to protect customer data with the uprising of cyber

security threats and attacks. These cyber-attacks are becoming more prevalent in the

financial sector. Hence it is important to resolve this problem by putting up a strong

shield to protect from cyber security threats. This is essential since in the present

world all these data are kept and maintains in a digital form. This study suggests ways

to protect against cyber securitythreats and consequences.

OBJECTIVES OF THE STUDY

The objectives of the study are:

1) To find out the intensity of the cyber attack on Cosmos bank.

2) To find out the consequences and overall effect on the bank due to the

malware attack.

3) To suggest ways to protect digital banking and the financial sector from cyber

security threats.
LIMITATIONS OF THE STUDY

• This study is limited to the cyber security threats only in the financial sector.

• This study uses secondary data that is annual reports collected from the website

of the Cosmos bank.

• This study is not limited to any person, profession, educational qualification,

income, wealth, race and geographical area.

METHODOLOGY

Methodology explains the research path to be taken, the tools to be used, the scope

and sample of the study for data collection, the tools for data analysis used, and the

pattern of establishingconclusions. For this study we used secondary data. The data

which is required for this study has been collected from the annual bank reports from

the website of the Cosmos bank. The annual reports have been collected for 5 years

starting from the year 2018 – 2022.

Source: 113th Annual Report of Cosmos Bank, pp: 21

INTERPRETATION:

This was the annual report of the year of attack . As we can see that the share capital

in 2018 – 2019 has reduced by 27.17 crores than the year 2017 –2018. The Net NPA

has reduced by 0.067%. The gross NPA has reduced by 0.086 %. The total income has

reduced by 56.31 crores. The total expenditure has reduced by 143.39 crores. Hence

in this year there is a profit of 21.83 crores. Also, the total income after transferring

funds from the reserve has decreased by 75.02 crores.

th
Source: 114 Annual Report of Cosmos Bank, pp:33

INTERPRETATION:

As we can see here the share capital in 2019– 2020 has reduced by 21.8crores than

the year 2018 –2019. The Net NPA has increased by 0.67%. The gross NPA has

increased by 0.86 %. The total income has increased by 211.58 crores. The total

expenditure has increased by 322.95 crores. In this year there is a short fall of

35.84cores. Hence it is a loss for the bank.

th
Source: 115 Annual Report of Cosmos Bank, pp: 29

INTERPRETATION:

In this annual report the share capital in 2020 – 2021 hasincreased by 10.92 crores

than the year 2019 –2020. The Net NPA has increased by 0.81 %. The gross NPA has

increased by 0.996 %. The total income has reduced by 4.69 crores. The total

expenditure has reduced by 97.3 crores. Here the bank has profited by 56.78 crores.
TABLE 4: COSMOS BANK ANNUAL REPORT 2021 – 2022

th
Source: 116 Annual Report of Cosmos Bank, pp: 29

INTERPRETATION:

In this annual report the share capital in 2021– 2022 has increased by 1.75crores than

the year 2020 –2021 The Net NPA has reduced by 0.83%. The gross NPA has reduced
by 0.102 %. The total income has reduced by 172.7crores. The total expenditure has

reduced by 181.83crores. In this annual report it shows that the bank has a short fall of

77.91 crores.

RESULTS AND DISCUSSIONS:

The analysis of the data above reveals significant insights into the financial performance of

Cosmos Bank, especially in the context of the cyber attack that occurred in the year

2018-2019. This attack proved to be devastating for the bank, causing substantial losses that

impacted its operations and reputation. The year 2018-2019 marked a pivotal point in the

bank’s history, as it experienced an enormous financial loss due to the cyber attack. However,

the bank made efforts to recover in the subsequent years, with some fluctuations in its

financial performance between 2019 and 2022.

The cyber attack on Cosmos Bank was a major event that disrupted the bank’s digital

banking services, leading to significant consequences. The attack severely damaged the

bank’s reputation, which in turn reduced customer trust and confidence in its services. This

was particularly damaging for Cosmos Bank, as trust is a vital component in maintaining

customer relationships in the banking sector. The financial damage from the attack amounted

to a staggering 94 million rupees, or approximately $13.5 million. As a result, Cosmos Bank

was forced to suspend its ATM operations and halt its online and mobile banking services

temporarily. This disruption had an immediate negative impact on the bank’s ability to serve

its customers and conduct normal banking operations.

The attackers carried out the cyber attack across 29 different countries, exploiting

vulnerabilities in the bank’s systems. More than 12,000 unauthorized transactions were

made, worth a total of 81.99 million crowns, through ATMs using VISA debit cards.
Additionally, 2,800 transactions were made using Rupay cards from domestic ATMs, with a

total value of 2.75 million rupees. The scale of the attack was vast, and the repercussions

were felt across various sectors, with many in the cooperative banking sector also being

shocked by the scale and sophistication of the attack.

In response to this cyber attack, Cosmos Bank implemented new policies and security

measures aimed at protecting against future hacking attempts and cybersecurity threats.

These measures included enhanced security protocols, updated systems, and more robust

monitoring processes to safeguard both customer data and financial assets. These actions

were crucial in the bank’s recovery, as it worked to restore customer trust and strengthen its

digital infrastructure.

In terms of the bank’s financial performance, the period between 2018 and 2019 was marked

by a significant decline in both income and expenditure, reflecting the impact of the cyber

attack. However, during the year 2019-2020, the bank experienced a recovery, with an

increase in both income and expenditure, suggesting that the bank had begun to regain

stability. Unfortunately, the subsequent years, 2020-2021 and 2021-2022, showed a decline

again in both income and expenditure. This indicates that while the bank made progress in

the short term, its long-term financial recovery remained inconsistent and vulnerable to

external factors.

SUGGESTIONS

The world of cyber security is constantly changing and threats and constantly

evolving. In the banking and financial sector, the stakes are high, not only are large

sums of money at risk, but if banks and other financial systems are compromised, the

disruption to the entire economy can be significant. Whether it’sa digital – only bank
or a bank with a branch, the challenges are similar, but as our world moves to the

digital frontier, banks that want to meet demand without compromising security must

overcome some key cybersecurity challenges. With so many cyber threats to contend

with, even a prudent financial institution would do well to proactively protect against

them. Some of the ways to overcome against these threats are toaddress the talent gap

by collaborating with other organizations and security partners that provide managed

services for protection. By implement ongoing security awareness training programs

or evaluate existing programs to ensure they are relevant and up-to-date with the

current threat environment. Buying detection and response tools to help you be

proactive and prevent attacks. Implement consumer awareness programs to prevent

customers from disclosing sensitive details to cybercriminals. Communication is very

important in banks and other financial institutions if they want to increase awareness

of cyber security in banking and prevent financial cyber security incidents. Design

appropriate internal communication strategies to keep employees informed of their

responsibilities to keep data secure, report breaches and be aware of emerging threats,

and ensure you have the appropriate tools and resources to communicate information

in an engaging and engaging way. Some banks can achieve this through internal

financial communications, including, using company wallpapers and screensavers to

remind employees about security issues. Conduct security training for employees and

regularly test their knowledge of banking cyber security. Provide information about

new threats so employees can be alert. Regularly post tips and tricks on cybersecurity

best practices don't overload yourself with too much information at once. Use
different communication channels to reinforce your messages. In these ways cyber

security threats can be reduced in the banking sector.

CONCLUSION

Every organization is concerned about cyber security. It is very important that banks

have adequate cyber security solutions and procedures, especially for institutions that

hold a lot of personal data and transaction lists. Cyber security in banking is an

undisputed topic. Hackers are more likely to target the banking sector as digitization

progresses. The main goal of banking cyber security is the security of the user's assets.

When people run out of money, further actions or transactions are done online.

Individuals use digital money, such as debit and credit cards, to make transactions that

need to be protected by cyber security. Today, the assessment that a major cyberattack

threatensfinancial stability is axiomatic—it's not a matter of if, but when. But

governments and companies around the world continue to struggle to contain the

threat, as it remains unclear who is responsible for protecting the system. Hence it is

important to safeguard the data of the customers with efficient cyber security systems

and software. This study has given an in-depth analysis on the Cosmos malware attack

and the study has also given ways to overcome these cyber security threats to financial

and banking sector.

JOURNALS:

1)Kutub Thakur,.et.al., ”An Investigation on Cyber Security Threats and Security

nd
Models “,IEEE 2 International Conference on Cyber Security and Cloud

Competing , New York,USA,pp.307-311,doi:10.1109(2015)

2)Diptiben Ghelani,et.al.,”Cyber Security Threats, Vulnerabilities and Security

Solutions Models in Banking”, American Journal of Computer Science and

Technology, Vol.x,No.x,doi:10.11648(2022)

3)Md.Hamid Uddin,et.al.,”Cyber Security Hazards and Financial System

Vulnerability: A Synthesis of literature”, Risk Manag 22, 239-309,doi:10.1057(2020)

4)Derek Mohammed, “Cyber Security Compliance in the Financial Sector”, Journal of

st
Internet Banking and Commerce,ISSN: 1204-5357,1 April(2015)

5)H.M.Alzoubi,et.al., “Cyber Security Threats on Digital Banking”,2022 International

Conference on AI in Cyber Security(ICAIC),TX,USA,pp.1-4,doi:10.1109(2022)

WEBSITES:

1)
https://indianexpress.com/article/cities/pune/pune-cosmos-bank-cyber-attack-supplem
entary-chargesheet-filed-against-five-from-thane-6120232/
2)
https://www.tatacommunications.com/blog/2018/09/lessons-learnt-from-cosmos-bank
-attack/
3)
https://www.studocu.com/in/document/manipal-academy-of-higher-education/cyber-s
ecurity/cyber-attack-news/24353558
4) https://www.authorea.com/doi/full/10.22541/au.166385206.63311335
5) https://ieeexplore.ieee.org/abstract/document/7371499/references#references
6)
https://www.gov.je/StayingSafe/BeSafeOnline/ProtectYourBusinessOnline/pages/10st
epstocybersecurity.aspx
7)
https://www.theglobaltreasurer.com/2019/09/25/the-importance-of-cyber-security-in-b
anking/
8)
https://www.guardrails.io/blog/the-top-ten-cyber-security-threats-to-digital-banking-a
nd-how-to-guard-against-them/
9) https://intellipaat.com/blog/cyber-security-in-banking/#26
10)
https://www.imf.org/external/pubs/ft/fandd/2021/03/global-cyber-threat-to-financial-s
ystems-maurer.htm