Cyber-security agency issued the alert on October 7

The Centre’s cyber security arm has issued a fresh warning to all banks cautioning them that cyber criminals from Pakistan may target their information infrastructure, The Hindu has learnt. The alert issued on October 7, came from the Computer Emergency Response Team-India (CERT-In), the nodal agency under the Ministry of Electronics and IT.

The cyber-security agency is working closely with the Reserve Bank of India to enhance financial sector security apparatus in the wake of the biggest security breach in Indian banking affecting over 32 lakh accounts, a senior government official said.

E-mail alert



The agency has also mailed various banks on Thursday, including State Bank of India, Axis Bank and HDFC Bank, asking them to report details of the debit cards breach, a senior official of the IT ministry said.

The incident has so far not been reported by the banks to CERT-In, which is the national nodal agency for monitoring and responding to cyber security incidents. It collects, analyses and disseminates information on cyber incidents.

It also forecasts, issues alerts and coordinates emergency measures to cope with cyber threats.

It has been learnt that CERT-In had also issued alerts to banks on July 1, regarding cyber attacks planned on their information infrastructure. The official further added that two such warnings were sent to banks in August as well.

However, it could not be ascertained if these alerts were in anyway linked to the recent debit card data breach, although the RBI too had in June issued notification on Cyber Security Framework in Banks, asking them to be put in place a robust cyber security policy separate from their information technology (IT) policy.

“CERT-In sent alerts to banks on August 12 and August 24, 2016, regarding backdoor Trojans which steals credentials of users. They were alerted on the advanced targeted attacks along with the indicators of compromise for them to take action,” the official said.

CERT-In along with National Critical Information Infrastructure sent mails to Chief Information Security Officers of the banks on October 19 (Wednesday), on the rise in the frauds carried out through Bank ATMs using malware and the modus operandi.

YES Bank



Additionally, following media reports that YES Bank’s ATM network located in China were involved in fraudulent transactions involving Indian customers, CERT-In on September 20, 2016, requested YES Bank to report the incident formally.

“YES Bank confirmed the news and reported the incident on September 21, 2016. They informed that they have engaged a Payment Card Industry Forensic Investigator to carry out the investigation,” the official said, adding, “CERT-In has requested YES Bank to share same logs with CERT-In which have not been done by YES Bank.”.