Malware Makes ATMs 'spit cash'

There is warning that potential ATM attacks, similar to those in Taiwan and Thailand that caused ATMs to dispense millions, could happen in the US, EU and in other countries.

The FBI said in a recent bulletin that it was “monitoring emerging reports indicating that well-resourced and organized malicious cyber-actors have intentions to target the US financial sector.” 

Now, the Wall Street Journal has reported that the threat could be linked to malicious software used by the Russian gang known as Buhtrap, known for stealing money through fraudulent wire transfers. Sources said that the group has been testing ATM hacking techniques on Russian banks, and will soon look to try them out on financial institutions in other countries.

The first such attack on an ATM system was reported in the Taiwanese capital Taipei in July, after 22 thieves made off with $2.6 million from ATMs around the country by causing them to spit out cash. Criminals from eastern Europe and Russia are said by police to have used malware to infiltrate cash machines run by First Commercial Bank. Three suspects were eventually arrested in Taipei and north-east Taiwan, with around half the money recovered.

A similar attack was reported at the Government Savings Bank in Thailand the following month. There, the Ripper malware was used in a sophisticated campaign to steal 12 million baht (£265,400) from ATMs in Thailand. Ripper targets three major global ATM manufacturers, and is unusual in that it interacts with the targeted machine via a specially crafted bank card featuring an EMV chip which acts as an authentication method.

A Russian cybersecurity firm has issued a warning about a spate of remotely coordinated attacks on cash machines.

Hacks of banks' centralised systems had made groups of machines issue cash simultaneously, a process known as "touchless jackpotting", said Group IB. The machines had not been physically tampered with, it said, but "money mules" had waited to grab the cash.

Affected countries are said to include Armenia, Estonia, the Netherlands, Poland, Russia, Spain and the UK. But the company declined to name any specific banks.

Dmitriy Volkov from Group IB told the BBC a successful attack could net its perpetrators up to $400,000 (£320,000) at a time. "We have seen such attacks in Russia since 2013," he said. "The threat is critical. Attackers get access to an internal bank's network and critical information systems. That allows them to rob the bank."

Two cash machine manufacturers, Diebold Nixdorf and NCR Corp, told Reuters they were aware of the threat. "They are taking this to the next level in being able to attack a large number of machines at once," said senior director Nicholas Billett, from Diebold Nixdorf. "They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down."

Follow the money

A recent report by Europol warned of the rise of cash-machine-related malware, although it said "skimming" - using hardware to steal card information at the machine itself - was still more common.

"The new method is being done by somehow gaining access to the banks' central systems and infecting whole communities of ATMs simultaneously, hence multiplying the amount of money that can be stolen in a short time," said Surrey University's cybersecurity expert Prof Alan Woodward.

Because criminals were collecting the cash in person, it made the crime more difficult to trace, he added.

"The classic way of solving online financial crime is to 'follow the money' - but when you can no longer do this, it is very hard to find out who is behind it, even though the evidence suggests it is a very limited number of groups that have started perpetrating this type of crime."

BBC:    Infosecurity:    Russian Cyber Gangs Linked To Bank Robberies:    Thai Cyber Bank Fraud Gang Busted:

Five major Russian Banks Attacked:


 

« Can Snowden Testify in Berlin?
Jihadi Cybercrime »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

GuardianKey

GuardianKey

GuardianKey is a solution to protect systems against authentication attacks.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

Com Laude

Com Laude

Com Laude is a domain name management company that provides strategic consulting to help companies strengthen digital brand, safeguard customers & protect brand IP.

Cyvatar

Cyvatar

Cyvatar is a technology-enabled cyber security as a service (CSaaS) provider delivering smarter managed security to help you achieve compliance and security faster and more efficiently.

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

CyberHub

CyberHub

CyberHub is an educational platform that offers professional courses and knowledge sharing through articles and videos to help students discover their potential in cybersecurity.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

Elastio

Elastio

Elastio's cloud-native platform safeguards cloud data from the risks posed by ransomware, application failures and storage security vulnerabilities.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.

Barclay Simpson

Barclay Simpson

Barclay Simpson is proud to have a long history of delivering cyber security, technology and governance recruitment services.

Corinium Global Intelligence

Corinium Global Intelligence

At Corinium, we have been bringing together the brightest minds in data, AI and info sec since 2013, to innovate at the intersection of technological advancements and critical thinking.