Media outlets in India report that an unidentified hacker managed to steal around $1 million from Razorpay, a payment processing company. Apparently, the attacker remained hidden in the company’s systems for three months, manipulating security mechanisms to authenticate over 800 illegitimate transactions.
Razorpay Software Private Limited provides online payment services that allow businesses in India to collect payments via credit card, debit card, net banking, and even cryptocurrency wallets.
The malicious activity was detected when a team at Razorpay Software Private Limited was auditing the transactions. Company employees were unable to reconcile transaction files with funds in enterprise accounts.
Abhishek Abhinav Anand, in charge of legal disputes and legislative compliance at Razorpay, filed a complaint with the southeast Indian cybercrime unit earlier this week.
Authorities are trying to identify the hacker or hacker group responsible for the attack, based on recorded online transactions. Meanwhile, Razorpay also ordered an internal investigation, revealing that the attacker compromised and manipulated the transaction authorization process to complete the attack; as a result, threat actor approved a total of 831 failed transactions, which mean losses around $1 million.
Razorpay shared with law enforcement detailed information about these 831 illegitimate transactions, including date, time and IP address.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.