Hackers Are Stealing Millions From ATMs Worldwide With New Malware
The hackers are using a piece of malware called Tyupkin which, once installed on an ATM, allows the criminals to steal huge amounts of money by simply entering a series of codes.
The malware has so far been detected infecting ATMs in Europe, Latin America, and Asia.
The attack was detected by Russian security firm Kaspersky Lab, which was asked by an unnamed financial institution to investigate the cyber-attack.
There are no details relating to the criminal gang behind the attacks, but Kaspersky Lab says the gang has stolen "millions of dollars" using the Tyupkin malware.
"Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software," said Vicente Diaz, principal security researcher at Kaspersky Lab.
"Now we are seeing the natural evolution of this threat with cybercriminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching direct Advanced Persistent Threat (APT)-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure."
Kaspersky alerted Interpol to the attacks, and Interpol has informed the affected countries.
"Offenders are constantly identifying new ways to evolve their methodologies to commit crimes, and it is essential that we keep law enforcement in our member countries involved and informed about current trends and modus operandi," said Sanjay Virmani, director of the Interpol Digital Crime Centre.
Here's how the Tyupkin attack works:
- First the criminals need to gain physical access to the ATMs, allowing them to insert a bootable CD which installs the malware.
- After the system is rebooted, the ATM is under the control of the gang.
- The malware then runs in the background on an infinite loop awaiting a command.
- The malware will only accept commands at specific times, on Sunday and Monday nights, making it harder to detect.
- To activate the malware, a unique combination key based on random numbers is generated, to avoid the possibility of a member of the public accidentally entering a code.
- The criminal carrying out the theft on the ground then receives a phone call from another member of the gang, who relays a session key based on the number shown on the ATM's screen. This helps prevent members of the gang going it alone.
- When this session key is entered correctly, the ATM displays details of how much money is available in each cash cassette, inviting the operator to choose which cassette to steal from.
- After this, the ATM dispenses 40 banknotes at a time from the chosen cassette.
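
The behaviours in the list above (a reboot after physical access, dispensing only on Sunday and Monday nights, 40 banknotes at a time) can be turned into review rules for ATM journal data. The following is an added example, not code from Kaspersky Lab or the original article; the log format, event names, the `scheduled` flag and the 20:00 to 06:00 definition of "night" are assumptions.

```python
from datetime import datetime

# Constructed sample journal; the line format is an assumption, not a real ATM log format.
SAMPLE_LOG = """\
2014-10-03T14:02:11 ATM-017 TXN_AUTH txn=88121
2014-10-03T14:02:19 ATM-017 DISPENSE txn=88121 notes=5
2014-10-04T03:40:52 ATM-017 BOOT scheduled=no
2014-10-05T23:15:04 ATM-017 DISPENSE txn=- notes=40
2014-10-05T23:15:41 ATM-017 DISPENSE txn=- notes=40
2014-10-07T10:30:00 ATM-017 BOOT scheduled=yes
2014-10-07T11:05:10 ATM-017 DISPENSE txn=- notes=3
"""

WINDOW_DAYS = {6, 0}   # Sunday=6, Monday=0 in datetime.weekday()
BATCH_SIZE = 40        # banknotes per dispense, as reported in the article

def parse(line):
    """Split 'timestamp atm EVENT key=value ...' into typed parts."""
    ts, atm, event, *pairs = line.split()
    return datetime.fromisoformat(ts), atm, event, dict(p.split("=", 1) for p in pairs)

def in_command_window(ts):
    # Assumption: "night" means 20:00-05:59 local time on a Sunday or Monday.
    return ts.weekday() in WINDOW_DAYS and (ts.hour >= 20 or ts.hour < 6)

def review(log_text):
    """Return (timestamp, atm, severity, reason) tuples for events worth investigating."""
    authorized, alerts = set(), []
    for line in filter(str.strip, log_text.splitlines()):
        ts, atm, event, f = parse(line)
        if event == "TXN_AUTH":
            authorized.add((atm, f["txn"]))
        elif event == "BOOT" and f.get("scheduled") != "yes":
            # A reboot nobody scheduled is what follows booting from inserted media.
            alerts.append((ts.isoformat(), atm, "medium", "unscheduled reboot"))
        elif event == "DISPENSE" and (atm, f.get("txn")) not in authorized:
            notes = int(f.get("notes", 0))
            # Cash leaving without a card transaction is suspicious on its own;
            # the reported batch size inside the reported time window raises severity.
            high = notes == BATCH_SIZE and in_command_window(ts)
            alerts.append((ts.isoformat(), atm, "high" if high else "medium",
                           f"dispense of {notes} notes with no authorized transaction"))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(*alert, sep=" | ")
```
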