Hitachi hackers cashed in on security gaps in India’s worst-ever cyber security breach
MUMBAI: From late May to end July of 2016, India was struck by what till now is the worst cyber breach to compromise the country’s payments network. Bank customers, including several foreign travellers, using as many as 3.2 million debit cards feared that their accounts had been hacked. Weeks after the panic, by when thousands had lost money, it surfaced that hackers had penetrated the network of Hitachi, to which some banks had outsourced their ATM transaction processing. RBI sent out a flurry of dos and don’ts to banks and held meetings with payments companies such as VISA, MasterCard and National Payments Corporation of India; and Hitachi hired a Bengaluru-based payments security firm to carry out a forensic audit.
There are four stages in the ‘kill-chain’ of a cyber breach: (1) how the malware gets in; (2) how it escalates within the system; (3) how data is taken out; (4) how effectively the hacker cleans the system it penetrates. Besides the scale and extent of the compromise, what distinguishes the Hitachi breach from past attacks is the pace at which the malware travelled within the Hitachi network once it was inside. “The code was written in a way that it made sure the malware worked on the Hitachi system… it was virtually sitting on the administrator’s laptop,” said another person familiar with the investigation.