Malware Makes ATMs 'spit cash'

Uploaded on 2016-11-30 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

There is warning that potential ATM attacks, similar to those in Taiwan and Thailand that caused ATMs to dispense millions, could happen in the US, EU and in other countries.

The FBI said in a recent bulletin that it was “monitoring emerging reports indicating that well-resourced and organized malicious cyber-actors have intentions to target the US financial sector.” 

Now, the Wall Street Journal has reported that the threat could be linked to malicious software used by the Russian gang known as Buhtrap, known for stealing money through fraudulent wire transfers. Sources said that the group has been testing ATM hacking techniques on Russian banks, and will soon look to try them out on financial institutions in other countries.

The first such attack on an ATM system was reported in the Taiwanese capital Taipei in July, after 22 thieves made off with $2.6 million from ATMs around the country by causing them to spit out cash. Criminals from eastern Europe and Russia are said by police to have used malware to infiltrate cash machines run by First Commercial Bank. Three suspects were eventually arrested in Taipei and north-east Taiwan, with around half the money recovered.

A similar attack was reported at the Government Savings Bank in Thailand the following month. There, the Ripper malware was used in a sophisticated campaign to steal 12 million baht (£265,400) from ATMs in Thailand. Ripper targets three major global ATM manufacturers, and is unusual in that it interacts with the targeted machine via a specially crafted bank card featuring an EMV chip which acts as an authentication method.

A Russian cybersecurity firm has issued a warning about a spate of remotely coordinated attacks on cash machines.

Hacks of banks' centralised systems had made groups of machines issue cash simultaneously, a process known as "touchless jackpotting", said Group IB. The machines had not been physically tampered with, it said, but "money mules" had waited to grab the cash.

Affected countries are said to include Armenia, Estonia, the Netherlands, Poland, Russia, Spain and the UK. But the company declined to name any specific banks.

Dmitriy Volkov from Group IB told the BBC a successful attack could net its perpetrators up to $400,000 (£320,000) at a time. "We have seen such attacks in Russia since 2013," he said. "The threat is critical. Attackers get access to an internal bank's network and critical information systems. That allows them to rob the bank."

Two cash machine manufacturers, Diebold Nixdorf and NCR Corp, told Reuters they were aware of the threat. "They are taking this to the next level in being able to attack a large number of machines at once," said senior director Nicholas Billett, from Diebold Nixdorf. "They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down."

Follow the money

A recent report by Europol warned of the rise of cash-machine-related malware, although it said "skimming" - using hardware to steal card information at the machine itself - was still more common.

"The new method is being done by somehow gaining access to the banks' central systems and infecting whole communities of ATMs simultaneously, hence multiplying the amount of money that can be stolen in a short time," said Surrey University's cybersecurity expert Prof Alan Woodward.

Because criminals were collecting the cash in person, it made the crime more difficult to trace, he added.

"The classic way of solving online financial crime is to 'follow the money' - but when you can no longer do this, it is very hard to find out who is behind it, even though the evidence suggests it is a very limited number of groups that have started perpetrating this type of crime."

BBC:    Infosecurity:    Russian Cyber Gangs Linked To Bank Robberies:    Thai Cyber Bank Fraud Gang Busted:

Five major Russian Banks Attacked:


 

« Can Snowden Testify in Berlin?
Jihadi Cybercrime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CyberDefenses

CyberDefenses

CyberDefenses services combine best-in-class cybersecurity oversight, managed services and training to help our clients truly address their cybersecurity challenges.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

Business Intelligence Associates (BIA)

Business Intelligence Associates (BIA)

BIA's TotalDiscovery is a defensible and cost-effective corporate preservation and legal compliance software solution.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

National Cyber Security Directorate (DNSC) - Romania

National Cyber Security Directorate (DNSC) - Romania

DNSC (formerly CERT-RO) is the Romanian national cyber security and incident response team.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

SparkCognition

SparkCognition

SparkCognition’s AI-powered solutions enhance cybersecurity, identify and prevent equipment failures before they happen, and provide prescriptive intelligence for maintaining your most critical assets

Open Information Security Foundation (OISF)

Open Information Security Foundation (OISF)

OISF is a non-profit organization led by world-class security experts, programmers, and others dedicated to open source security technologies.

Elitecyber Group

Elitecyber Group

Elitecyber group is a team of Cyber Security recruitment experts who work for Cyber Security and Cyber Defence clients and candidates throughout Europe.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

Sekuro

Sekuro

Sekuro is your leading governance and cyber security partner. Building organisational resilience. Enabling fearless innovation.

Federal Bureau of Investigation (FBI)

Federal Bureau of Investigation (FBI)

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

Pointsharp

Pointsharp

Pointsharp delivers software and services that help organizations secure data, identities, and access in a user-friendly way.

Technation

Technation

Technation proudly represents the Canadian technology companies that are furthering our nation and the world into the future through innovation, creativity and ingenuity.

Actelis Networks

Actelis Networks

Actelis Networks is a market leader in cyber-hardened, rapid deployment networking solutions for wide-area IoT applications.