Security specialists have put out a grave warning about a massive Cyber attack planned against 30 major US Banks. RSA recently announced that a gang of Criminals had developed a sophisticated Trojan under a project idenitified as “Project Blitzkreig” which has been successfully tested.Security firm McAfee has warned that the full fledged attack is imminent in the coming days.
Though the present threat advisory is for US Banks, it includes CitiBank, E Bay and PayPal which has operations in India. Also the technology can reasonably be expected to be used to attack the Indian Banks since Indian Banking security is weaker compared to the US Banks and the Cyber Crime knowledge, technology and tools spread fast across the globe.
The scheme appears to involve logging in to the banks from Computers which are cloned to represent the home computers of the customers so that inconvenient security questions can be avoided.
It also uses the familiar method of circumventing the daily transfer/individual transaction limits by using many “Mules” as is normally done in phishing cases.
Indian Banks in the recent days have tried to increase the transaction limits without hardening their security. Hence the risks to Indian Customers are higher. There is also a tendency in Indian Banks to fight with its customers in cases of such frauds and drag them to Courts if they seek remedy. The Government of India which has kept the Cyber Appellate Tribunal closed for the last 2 years is indirectly acting to discourage the Banks from seeking legal remedy. Though RBI has been providing necessary guidance to Banks to secure the customer interests and to absorb Cyber Fraud liability through insurance, Banks are ignoring the RBI’s mandate.
We hope RBI and GOI will take note of this new threat and try to implement remedial measures at the earliest.