The latest breach of an offshore account owned by Union Bank of India is raising new questions about the security of interbank payments, which fraudsters have been seen to easily compromise due to outdated backend authentication methods.  

Union Bank of India confirmed to Reuters in July that a breach of one of its Nostro account had been spotted and the fraudster’s attempts to transfers funds from the account had been foiled. Nostro accounts are kept in banks in other countries in foreign currencies and are commonly used to facilitate foreign exchange and trade transactions.

Experts believe the Union Bank’s Nostro account breach may involve the same attackers who compromised an outrageous $81 million SWIFT transaction by the Central Bank of Bangladesh to the Federal Reserve Bank of New York back in February 2016.

Head of Fraud and Security at Javelin Strategy & Research, Al Pascual, feels interbank payments have become the ideal target for cyber criminals. “While I cannot confirm the particulars, it appears that we are in that window where criminals have identified a high-value, poorly protected asset and are taking advantage of that. These attacks will migrate to those institutions where regulators have allowed lax cyber security to be the norm, and some of them will learn hard lessons in short order… We’re not done hearing about these multimillion-dollar heists.”

It’s been noted that Citi, not Union Bank of India, flagged the fraudulent request for a transfer from the Nostro account, ultimately stopping the criminals in their tracks and immediately notified Union Bank. Information on the amount of money the attackers attempted to transfer is still unknown.

Other security experts believe both the Union Bank and Bangladesh breach was inside jobs. In regards to the Bangladesh bank attack, experts speculate whether an employee with SWIFT administrative privileges may have had their login credentials stolen through a malware attack. The Union Bank attack involving Nostro accounts required multifactor authentication, meaning credentials for at least one person with administrative or transaction approval power had to be stolen.

The Bigger Picture

Indian banks have notoriously been known to focus more on ensuring compliance with regulatory requirements instead of ensuring cyber security and resilience again attacks. By using traditional tools and technologies, banks are finding it impossible to detect irregularities in their networks, or to prevent vulnerabilities that could be potentially catastrophic to the organization.

Organizations need a way to detect the presence of malware and to ensure hardening measures and user access controls are being enforced. Any configuration drift or breach activity needs to be alerted in real time to stave off threats and potential damage. While all compliance and regulatory standards require a hardened build standard, control of user rights and change control is too focused on fighting external threats, when the internal threat is potentially more significant.

File Integrity Monitoring is proven to drastically decrease the risk of security breaches, raising an alert related to any change made in core file systems or configuration settings. The potential breach is detected regardless of whether it’s been instigated by an insider or an unwittingly phished employee.  


Read this article on Data Breach Today



The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.