A major cybercrime attack leading to suffering of the Pakistani banks have been listed for sale on the dark web that has compromised card data of at least 20,000 users. The cybercrime was first spotted soon after the withdrawal of $2.6 million on 27th of October from a bank of Karachi that was carried on via the internationally accepted card payment modes. A cybersecurity report firm group IB, revealed that 22 Pakistani banks were affected that included MCB Bank, Bank of Punjab, Habib Bank, Soneri Bank, Bank Alfalah, BankIslami, Faysal Bank and JS Bank. Though the individual losses from each bank are not publicly known, a total of 19,864 bank cards were hacked and sold on the dark web markets between 26th October and 31st October. Another instance of data dump of over 177,000 bank cards of Pakistan has been traced on one of the most popular card shop on dark web, Joker’s Stash.
A threat analysis report that came up as a result of The Pakistan Computer Emergency Response Team that stated posting of 9000 debit cards on the dark web till 26th October that extended to 12000 cards posted on 31st of October. The cards were auctioned on the dark web markets and being sold to the highest bidder having prices going high as $160 and not less than $100.
Following the cyberattack, a directive was issued by the central bank of Pakistan known as State Bank of Pakistan (SBP) to hold back credit and debit cards related transactions from 3rd of November considering the transactions that are either fraudulent or involves a large amount of the transacted value. The directive also mentioned the immediate improvement of their cybersecurity, finding out the systems that facilitated illegitimate transactions.