Urgent Advisory for the BFSI Sector: CERT-In
There is a significant rise in cyber security incidents, in India and globally, targeting banks and other financial services firms, in particular their ATM driving and switching infrastructure, SWIFT applications and wider ICT infrastructure, with the intention of stealing cash or sensitive data. CERT-In has issued mitigation recommendations for financial institutions to prevent breaches of payment systems.
Highlights of recommendations:
Security measures for payment Gateways and ATM driving and switching systems
Configure the switch application server to log transactions and, preferably, forward those logs to a centralized logging system. Routinely rotate and audit transaction and system logs and check them for anomalies.
Ensure that access to local operating system accounts with system-level administrative rights is restricted to the maximum extent possible. Usage is controlled, monitored and permitted only for relevant activities such as software installation and configuration, maintenance and emergency work. At all other times these accounts are blocked from use.
Check configuration changes regularly and enforce proper configuration and change management. Miscreants have been observed making changes to critical monitoring devices to exclude certain operations and so hide their tracks. Apply stringent change management policies to firewalls, AV gateways, mail servers and Active Directory, and enforce effective change control.
Isolate the payment (ATM / card processing / HSM) system network with strict control policies and rigorous monitoring. Implement multi-factor authentication for access to the ATM switch application and other related application servers.
Baseline normal activity in the ATM switch application network. Diligently watch for deviations such as unexpected SSH logins, new system services or processes, new user account creation, suspicious command history, unusual login history, abnormal network usage and changes to system configuration.
Implement adequate, tested network security controls to prevent Internet hosts from reaching the private network infrastructure that serves the payment switch application server. Deploy strict firewall policies governing connections to and from core banking systems, branches, SWIFT, payment gateways and the like.
Develop a baseline of expected daily (or weekly) transaction amounts, frequency and timing, including offshore transactions. Monitor and flag anomalous transactions as suspected fraud. Coordinate closely with payment processing providers (Visa, MasterCard, NPCI, etc.) on anomalous or bogus transactions so that they can be responded to in real time.
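The host-activity baseline above can be checked mechanically against the server's own auth and system logs. The following is an added example, not part of the CERT-In advisory: it parses a few constructed syslog-style lines from a hypothetical switch host (`atmsw01`) and flags anything outside an assumed baseline (SSH only from two jump hosts, only by `swadmin`, only by public key, only in a 01:00-03:59 maintenance window; no new accounts; no unknown services). The jump-host addresses, user names, service names and window are assumptions a real deployment would replace with values from its own change records.

```python
"""Baseline-deviation checks over Linux auth/syslog lines from an ATM switch host.

Added example (not from the CERT-In advisory). The log lines below are
constructed for illustration; the baseline values (allowed jump hosts,
known users/services, maintenance window) are assumptions.
"""
import re

# Assumed baseline for the switch application server (hypothetical values).
BASELINE = {
    "ssh_sources": {"10.20.0.5", "10.20.0.6"},   # jump hosts only
    "ssh_users": {"swadmin"},
    "known_users": {"root", "swadmin", "switchapp"},
    "known_services": {"sshd", "switch-app", "rsyslog"},
    "maintenance_hours": range(1, 4),            # 01:00-03:59 local
}

# Constructed sample lines (syslog-like; year omitted as in a real auth.log).
SAMPLE_LOG = """\
Mar 12 02:10:01 atmsw01 sshd[2211]: Accepted publickey for swadmin from 10.20.0.5 port 51022 ssh2
Mar 12 11:42:17 atmsw01 sshd[2398]: Accepted password for swadmin from 198.51.100.23 port 40112 ssh2
Mar 12 11:43:05 atmsw01 useradd[2401]: new user: name=support2, UID=1004, GID=1004, home=/home/support2, shell=/bin/bash
Mar 12 11:44:30 atmsw01 systemd[1]: Started updater.service.
Mar 12 11:45:02 atmsw01 systemd[1]: Started rsyslog.service.
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)\[\d+\]: (?P<msg>.*)$"
)
SSH_RE = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)")
USERADD_RE = re.compile(r"new user: name=(?P<user>[^,]+)")
SERVICE_RE = re.compile(r"Started (?P<svc>[\w.-]+)\.service")


def analyse(log_text: str, baseline: dict = BASELINE) -> list:
    """Return (line_no, reason) tuples for every line that falls outside the baseline."""
    alerts = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        hour = int(m["time"][:2])
        prog, msg = m["prog"], m["msg"]
        if prog == "sshd":
            s = SSH_RE.search(msg)
            if s:
                if s["src"] not in baseline["ssh_sources"]:
                    alerts.append((no, f"ssh from non-jump-host {s['src']}"))
                if s["user"] not in baseline["ssh_users"]:
                    alerts.append((no, f"ssh as unexpected user {s['user']}"))
                if s["method"] == "password":
                    alerts.append((no, "password auth (baseline is publickey only)"))
                if hour not in baseline["maintenance_hours"]:
                    alerts.append((no, f"ssh outside maintenance window ({hour:02d}h)"))
        elif prog == "useradd":
            u = USERADD_RE.search(msg)
            if u and u["user"] not in baseline["known_users"]:
                alerts.append((no, f"new account created: {u['user']}"))
        elif prog == "systemd":
            sv = SERVICE_RE.search(msg)
            if sv and sv["svc"] not in baseline["known_services"]:
                alerts.append((no, f"unknown service started: {sv['svc']}"))
    return alerts


if __name__ == "__main__":
    for no, reason in analyse(SAMPLE_LOG):
        print(f"line {no}: {reason}")
```

Run against the constructed lines, the first login (jump host, key, in-window) is silent, while the daytime password login from an outside address, the new `support2` account and the unknown `updater` service each raise an alert. In production the same logic belongs in the central log platform that the advisory asks for, not on the switch host, so that an intruder who edits local logs cannot silence it.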
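A transaction baseline of the kind described above can be expressed as per-hour amount and frequency statistics plus the set of countries seen during a clean period. The following is an added example, not code from the advisory or from any payment processor: it builds that baseline from a constructed seven-day history of domestic ATM withdrawals and then flags a probe transaction for an out-of-range amount, activity at an hour with no history, excessive hourly velocity, or a country never seen before. The z-score limit of 3, the "twice the hourly baseline" velocity rule and the sample amounts are assumptions to be tuned against real history.

```python
"""Transaction baseline and anomaly flags for an ATM/card switch.

Added example; not part of the CERT-In advisory. All transactions below are
constructed, and the thresholds (z-score 3, velocity > 2x hourly baseline,
'offshore' = any country absent from the baseline) are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev


@dataclass
class Tx:
    ts: datetime
    card: str       # masked PAN, e.g. "4111****1111"
    amount: float   # INR
    country: str    # ISO country of the acquiring terminal


@dataclass
class Baseline:
    hourly_amount: dict   # hour -> (mean, population stdev) of amounts
    hourly_count: dict    # hour -> average number of transactions per day
    countries: set        # countries seen during the baseline period


def build_baseline(history: list[Tx], days: int) -> Baseline:
    """Summarise a clean history window into per-hour expectations."""
    by_hour = defaultdict(list)
    for tx in history:
        by_hour[tx.ts.hour].append(tx.amount)
    hourly_amount = {h: (mean(a), pstdev(a)) for h, a in by_hour.items()}
    hourly_count = {h: len(a) / days for h, a in by_hour.items()}
    return Baseline(hourly_amount, hourly_count, {tx.country for tx in history})


def flag(tx: Tx, base: Baseline, recent_same_hour: int, z_limit: float = 3.0) -> list[str]:
    """Return reasons this transaction deviates from the baseline (empty list = normal).

    recent_same_hour is the number of transactions already seen in the current
    clock hour, supplied by the caller's running counter.
    """
    reasons = []
    h = tx.ts.hour
    if h not in base.hourly_amount:
        reasons.append(f"no baseline activity at {h:02d}h")
    else:
        mu, sigma = base.hourly_amount[h]
        if sigma > 0 and (tx.amount - mu) / sigma > z_limit:
            reasons.append(f"amount {tx.amount:.0f} is {(tx.amount - mu) / sigma:.1f} sd above {h:02d}h mean")
        elif sigma == 0 and tx.amount > mu:
            reasons.append(f"amount {tx.amount:.0f} exceeds constant {h:02d}h baseline {mu:.0f}")
        if recent_same_hour > 2 * base.hourly_count[h]:
            reasons.append(f"velocity {recent_same_hour}/h is >2x the {base.hourly_count[h]:.1f}/h baseline")
    if tx.country not in base.countries:
        reasons.append(f"offshore/unseen country {tx.country}")
    return reasons


def sample_history() -> list[Tx]:
    """Constructed 7-day history: three daytime domestic withdrawals per day, modest amounts."""
    amounts = [2000, 3000, 5000, 4000, 2500, 6000, 3500]
    hist = []
    for d in range(1, 8):
        for h in (9, 12, 18):
            hist.append(Tx(datetime(2024, 3, d, h, 15), "4111****1111", amounts[(d + h) % 7], "IN"))
    return hist


def probe(day: int, hour: int, amount: float, country: str) -> Tx:
    """Build a constructed probe transaction on 2024-03-<day> for the same card."""
    return Tx(datetime(2024, 3, day, hour, 5), "4111****1111", amount, country)


if __name__ == "__main__":
    base = build_baseline(sample_history(), days=7)
    for r in flag(probe(8, 3, 40000, "RU"), base, recent_same_hour=1):
        print("FLAG:", r)
```

The hour-of-day dimension matters more than it looks: the large-value, after-hours, offshore pattern is exactly what a compromised switch emits when it is made to approve withdrawals on cloned cards, and an amount threshold alone would miss a run of many small withdrawals that the velocity check catches. Flags are returned rather than acted on so the caller can route them to the fraud desk and to the card scheme or NPCI for the real-time response the advisory calls for.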
Segmenting a customer's locally hosted SWIFT infrastructure from the larger enterprise network reduces the attack surface and has proven an effective defence against cyber attacks, which commonly begin with compromise of the enterprise network.
Define a secure SWIFT zone that contains only SWIFT-related components: the messaging interface, communication interface, SWIFTNet Link, Hardware Security Module, cloud connector, jump server and machines dedicated solely to operating or administering the locally hosted SWIFT infrastructure. The zone should contain only the software necessary to secure, operate, monitor and manage it. Non-essential systems or software (for example Microsoft Office, e-mail clients, web browsers and the like) must not be located within the secure zone.
Users of the SWIFT network should reach its systems and services only through dedicated or restricted means: physical machines located within the secure zone (machines used only for SWIFT purposes, or jump servers), or from a local machine to a separate virtual machine (VM) in a central environment that is used to access the secure zone and has no software installed other than what is needed to operate, monitor and secure it.
Restrict or block Internet access from the SWIFT network. Any Internet access that is genuinely required should be permitted only when initiated in the outbound direction, and only to whitelisted sites.
Windows servers in the secure zone should be either stand-alone or members of a dedicated secure-zone Active Directory forest, using either local authentication or an authentication system dedicated to the secure zone (for example a dedicated LDAP or RADIUS instance). This protects the secure zone against compromise of the enterprise's central authentication systems, including theft of authentication credentials, and limits pass-the-hash and pass-the-token attacks.
SWIFT operators must be cautioned about social engineering, shoulder surfing, keyloggers and spear-phishing. Instances have been seen of fake messages (letters of credit or payment instructions formatted like SWIFT messages) being sent outside the SWIFT network. Operators should be taught that SWIFT messages are only ever sent over the SWIFT network; messages formatted like SWIFT messages that arrive outside it should not be acted upon.
In the unlikely event that SWIFT machines are compromised, other applications on the system can be further compromised to gain additional access. Keyloggers, screen scrapers and credential dumpers have been observed inside SWIFT zones, used to obtain SWIFT credentials. With these, attackers are in a position to locally create, approve and submit messages just as a legitimate user would through the back office or interface applications. The interface software connecting to the SWIFT network will not flag such messages as fraudulent, and attackers hide the evidence by removing some of the traces of the fraudulent messages. Keep in touch with SWIFT for regular updates, IOCs and attack patterns, and apply them on your SWIFT network.
System hardening applies the security concept of least privilege to a system by disabling features and services that are not required for normal operation. This reduces the capabilities, features and protocols available to an attacker. For more information, visit www.cert-in.org.in.