Facebook-f Linkedin

Leading paid email service provider used for Corporate – System Hacked – Loss of Funds

Issue

A cooperative-bank named XYZ*, located in a town based in Indian state suddenly lost funds one day from its Sponsorship-Bank-RTGS-Daily-Transaction Current-Account. This incidence came to light, when this bank employee, who initiated email to Sponsorship-Bank requesting RTGS pay-out found that these RTGS payment funds could not be traced to any bank customer’s RTGS payment request. 

This cooperative-bank maintains a fixed balance amount in Sponsorship-Bank-RTGS-Daily-Transaction Current-Account as per RBI rules. Also, majority of the merchants’ bank accounts was based in this bank. This bank RTGS department employee used to send an email to Sponsorship-Bank-RTGS Authority requesting pay-out on behalf of their customer to the specified bank account from their sponsored Current Bank Account and replenish it daily by deducting the amount from their customers the next day. Additionally, this Sponsorship-Bank RTGS Authority neither provided any confirmation before proceeding nor acknowledge the same transfer of funds request. In addition, this bank did not have browser security features installed, which made it easy for the hacker to penetrate into bank system and indirectly control it.     

The hacker, thus took undue advantage, accessed this victim bank’s RTGS-department compromised registered (leading paid email service provider) account and sent funds-transfer request to Sponsorship-Bank Authority using this compromised email during usual bank working hours. The sponsored-bank authority also did not verify the authenticity of the mail and completed the transaction. Upon understanding the urgency of the situation, this bank employee escalated the incident to his management team, who further contacted Shashwat Solutions for further consultation.

Further, this bank wanted to keep their costs minimum as possible. They used leading paid email service provider for requesting RTGS pay-out email to Sponsorship-Bank RTGS transfer department. Also, they did not conduct any information security induction for their employees from the point of view of saving bank expenses. Additionally, this bank’s RTGS department employees had no website restriction while accessing the internet.   

Hence, this issue proves the lethal consequences of providing unrestricted internet access to bank’s high risk employee, weak network infrastructure, lack of bank’s investment on securing its information systems and security compliance. The hacker unethically took advantage of this bank employee weakness with the help of browser extension tool and transferred the large sum of funds without even getting noticed easily. Moreover, it was identified during investigation, that this bank had not defined proper information security management policies before consulting Shashwat Solutions, which is important for maintaining bank’s information systems security.

Investigation

Upon the XYZ cooperative-bank case investigation request, Shashwat Solutions undertook this investigation case. 

Firstly, Shashwat Solutions primarily identified that this victim bank employees used personal leading paid email service provider for email communication, which was registered with Sponsorship-Bank RTGS Current Bank Account sponsored to transfer RTGS funds from this bank to the requested bank account specified by their customers . Also, it was noted that this bank had 40 to 50 daily RTGS transfer requests from their customers, where the bank neither got funds transfer approval request confirmation from the sponsored nor confirmation of the transaction completion.

Secondly, this bank used Linux operating systems, where no antivirus has been installed in their system, firewall was absent, all employees had free access to their internet and no filtering protection was found while accessing the browser. Also, while performing forensics on the RTGS employee’s system on which fraud has occurred, it was identified that he has browsed through multiple adult content websites through which the hacker used cross-site-scripting (XSS) attack and prompted the user to install (Leading paid email service provider) hacker extension. This malicious extension was made to look as a legitimate email notification extension for browser, thus helping the hacker to bypass email authentication and enter the bank employee’s RTGS request email account.   

Thirdly, during the investigation, it was identified that the hacker sophisticatedly launched a cyberattack on this bank. Before launching the attack, the attacker waited for few days and on one ongoing bank working day he accessed the victim (RTGS-Bank-employee’s email) to send an email to Sponsorship-Bank RTGS team, requesting to transfer funds into an account during usual bank working hours. Also, it was found that the account where the money got transferred was compromised as the hacker had already withdrawn the stolen funds before the incident came to victim bank’s knowledge.

Finally, it was found that bank’s information systems security policies were vague. Also, numerous unwanted logical ports were open in the bank’s network, which made it easy for the hacker to successfully enter into bank’s internal network and commence an opportunity-based attack.

Thus, during investigation, it was found out that the bank did not have sufficient information systems security present to prevent this occurrence of this incidence. Also, this incidence highlights how a hacker can penetrate into a bank’s internal network by using virus infected browser extension, wait to take situation advantage and illegally manipulate victim bank’s communication.

Analysis

Subsequently, after investigating the incidence root cause, we suggested the bank’s management to show obligation in acquiring resources such as firewall and server to help Shashwat Solutions to build a secure work environment for them. Also, we  consulted them in writing information security policies as per ISO27001 guidelines and RBI regulations along with documenting action plans to address risk and security improvement such as taking corrective action. 

As a part of corrective action, we suggested the bank’s management to allot private domain based email to their employees and mandatory change the registered email address linked with Sponsorship-Bank-RTGS-Daily-Transaction Current-Account with above new email. Then, we reconfigured the bank’s network infrastructure, where we implemented clean desktop policy, configured RTGS and NEFT servers to FTP server, adding separate firewall for ATM, RTGS and NEFT servers. Next we added DMZ server between the internet and this bank’s internal network. 

After that, we disabled browser extension after removing all of them, blocked unwanted ports in this bank’s network, and all bank employee’s USB Drive access including internet access to websites. Also, we configured log monitoring function and unknown IP address blacklisting in all their firewalls. Additionally, to prevent unauthorised access, we configured username and password along with force password change time-limit for each employee under FTP server storage policy. Further, we configured offline backup secure server to backup organization’s data on weekly basis. In addition, we suggested this organization’s director to get system/network security and firewall configuration awareness training from our consultancy.    

The above corrective action will help this bank from successfully become ISO27001 and RBI guidelines compliant. Also, this implementation will help the organization in preventing such incidence from reoccurring again and maintain a secure banking environment operations.

Client Testimonials

Know  what our customers have to say about us.

With great appreciation I thank to Shashwat Solution for their enormous efforts in co-operative sector. They have very good skill in maintain good relations through their work with each and every client. May God flourish them more and wish for their ‘Shashwat Existence’ in banking and Industry.
Mr. Mukund Sawaji Kalmakar
Mr. Mukund Sawaji KalmakarChairman Sundarlal Sawji Urban Co-Op Bank Ltd., Jintur President, Maharashtra Co-operative Banks Associations. LTD
For a long time we have been working with Shashwat Solutions. We had a great experience while working with Mr. Ajay Nikumb. He is very knowledgeable, and his readiness to help us during discussions about the system audit and Networking security has always benefited us while doing business and providing uninterrupted service to our customers in a secured service network. We appreciate his commendable knowledge in System audit, IS Network and security.
Dr. Shantilal Singi
Dr. Shantilal SingiChairman Vardhaman Nagari Sahakari Patsanstha M. Aurangabad, Maharashtra
On behalf of Management & all the employees of Pune People's Co-Op Bank Ltd., Pune, I request you to accept the appreciation for the excellent job performed consistently by you and your staff during past several months. In conducting System Audit, VAPT, and Data Migration Audit etc., though it was an enormous task you managed to perform it smoothly and efficiently! During the all assignments, I personally appreciate the professional approach, practical training on cyber security, time management, personal involvement, guidance about Do & Don'ts. I feel that Mr.Ajay Nikumbh & team had proved to be best friend, philosopher & guide for the bank. Thanks to your leadership and dedication. Due to your staff's teamwork and energy, we are enjoying smoothness in systems & procedures. You and your employees really deserves a big appreciation. I personally would like to thank you and your staff which is little difficult in present situation but I will request you to convey my gratitude and regards to all the employees of Shashwat Solutions.
Mr. Dixit Sadanand Vishnu
Mr. Dixit Sadanand Vishnugeneral manager, pune people's co-op bank ltd, PUNE
We have had the pleasure of working with Shashwat Solutions Pune and even more amazing person Mr Ajay Nikumb. He is everything, His thoughtful and understanding nature that sets him above the rest. His ability to listen and understand our needs coupled with his incredible intuition has made all of our transaction seamless. I am working with Walchandnagar Industries Limited. since 2008, Designed / implement the following solutions with M/S Shashwat Solutions 1) Networking 2) MS Exchange 3) Firewalls 4) WAN Security 5) End Point Security 6) Backup solutions
Mr. Ravi Tonapi
Mr. Ravi Tonapi GM IT - Walchand Industries Pune
जान है तो जहान है ' या उक्तीप्रमाणे बँकिंग क्षेत्रातील सायबर सुरक्षेचे पालन करून बँकिंग उद्योगासमोर येणाऱ्या नित्य धोक्यांना यशस्वीपणे सामोरे जायचे असेल तर नावाप्रमाणे शाश्‍वत असे सोलुशन देणाऱ्या श्री अजय निकुंभ सर यांचे आभार शाष्वत सोल्युशन पुणे म्हणजे,सहकारी बॅंका व पतसंस्था यासाठी माहिती सुरक्षेचे चालते बोलते विद्यापीठ आहे.
Mr Shirish Ghanekar
Mr Shirish GhanekarIt Head, Dapoli Urban Bank, Dapoli
We have been working with Shaswat Solutions since long time and its pleasure to work with them. Mr. Ajay Nikumb from Shaswat Solutions is amazing and knowledgeable person. He is everything, His attentive and understanding nature that sets him above the rest. His ability to listen and understand our needs coupled with his incredible intuition has given us solution in each and every area of I S Network, Audit and Security.
Mrs.Sujata Budhkar
Mrs.Sujata BudhkarGM IT -Sahyadri Industries Ltd. Pune
It is my pleasure to share my thoughts on M/S Shashawat Solution & their partner Mr.Ajay Nikumb ever smiling personality We have had the pleasure of discussing our requirement with Shashwat Solutions Pune Mr.Nikumb carrying and understanding nature that sets him above the rest. His ability to listen and understand our needs coupled with his incredible intuition has made all of our transaction seamless. I wish all the best to Shashwat & Mr.Ajay in particular.& getting many more laurels.
Mr.Vijay Laghate
Mr.Vijay LaghateAddl.Director (Purchase & Sourcing) Serum Institute Of India Ltd. Pune
Since 2012 we are working with Shashwat solutions pune. Whenever it comes to excellent services we can completely trust and depend on Mr. Ajay Nikumb and his team.If there is any problem regarding firewall, they will clear it off without disturbing our banks daily work routine Mr. Ajay Nikumb is truly a reliable gentleman . He has a very good listening skill, He first listens an then is ready with a solution over it. I am the Assistant general Manager (Data Centre In Charge) of Jalgaon Janata Sahkari Bank Ltd Jalgaon I am truly satisfied with the services provided by shashwat solutions at present they are providing us with firewall services
Mr. Rajesh Mahajan
Mr. Rajesh MahajanAssistant general Manager (Data Centre In Charge) of Jalgaon Janata Sahkari Bank Ltd Jalgaon
We have been working with Shashwat Solutions for almost past 15 years. We have been always impressed with their friendly but professional approach. Mr. Ajay Nikumb has always helped us in satisfying our requirements, with a Smile. We wish them a great success ahead.
Mr. Danny Nagdev
Mr. Danny NagdevGeneral Manager (IRD), Sr. Program Coordinator (IT-IDMP)
Previous
Next

Our Clients

Shashwat-Clients_0022_Walchand-Ind-Logo.jpg
Shashwat-Clients_0000_Vardhaman-bank-logo.jpg
Shashwat-Clients_0001_Tulja-bhavani-Bank-logo.jpg
Shashwat-Clients_0002_SynthesysLOGO.jpg
Shashwat-Clients_0003_Sundarlala-Sawaji-logo.jpg
Shashwat-Clients_0004_Sangali-Urban-Bank-logo.jpg
Shashwat-Clients_0005_Sahyadri-Logo.jpg
Shashwat-Clients_0007_Raigad-Dist.-CC-Bank-logo.jpg
Shashwat-Clients_0008_Pune-Peoples-logo.jpg
Shashwat-Clients_0009_Neeti-Solutions-logo.jpg
Shashwat-Clients_0010_Nagpur-Nagri-Sahakari-Bank-logo.jpg
Shashwat-Clients_0011_MKCL-logo.jpg
Shashwat-Clients_0012_Mestech-Pune-logo.jpg
Shashwat-Clients_0013_jjsbl_logo.jpg
Shashwat-Clients_0014_Ira-System-logo.jpg
Shashwat-Clients_0015_Hasti-Logo.jpg
Shashwat-Clients_0017_Deendayal-Bank-logo.jpg
Shashwat-Clients_0019_Bharat-Electronics-logo.jpg
Shashwat-Clients_0020_BAIf-logo.jpg
Shashwat-Clients_0021_Ace-Bank-Servers-logo.jpg
Shashwat Clients_0016_Expert Global logo
Shashwat Clients_0018_Cummins Engg College Logo
Previous
Next

Why Shashwat Solutions: Proven solutions that deliver value

Trusted

Trusted for over 20 years to provide faster and more accurate diagnosis of security issues. We understand that it’s not what we say, it’s what we find that matters.

Clear Independence

Shashwat Solutions IT has no constricting ties and no conflicts of interest. We are dedicated and responsive to our clients, allowing Shashwat Solutions IT to make recommendations that are aligned with your risk tolerance.

Cost Effective Recommendations

Shashwat Solutions IT’s proprietary services provide a thorough 360 degree review of your risks. Our recommendations provide a clear description of risks found and as well as cost effective steps to secure your systems.

Experienced

We know your industry. Shashwat Solutions IT has over 10 years of security audit experience in every type of industry from small public firms to large government agencies.

Highest Calibre Audit Team

Shashwat Solutions IT answers to global certifying bodies so you can be assured that all audits and recommendations are made under the highest level of quality, reliability, and thoroughness.