India should replace old ATMs and update its software as Russian virus ' Tyupkin' is planning to attack

After spotting that many of the ATMs in India are old and use outdated software, Russians hackers are now trying to attack them using 'Tyupkin', a virus that has the sinister power to force cash machines into maintenance mode and spew out currency notes.

A shadowy Russian teenager has emerged as the new threat to Indian banks. He's said to hack ATMs using the virus.

NCR Corp, the world's largest maker of ATMs, alerted banks about the malware about a month ago. The 19-yearold Russian's hands are suspected to have reached into India after some people were found trying to rob ATMs in Surat by infecting cash machines. The case is under investigation.

The modus operandi involves plugging in a USB drive or rebooting the ATM after taking off the side or back panel of an ATM. Once infected, a few simple keystrokes cause the cash to flow out.

Not only that, a year ago cyber attacks had rattled banks in Europe and parts of Asia and Latin America. A Russian gang, known as Anunak in the world of cyber crime, that was responsible for the attacks is said to have turned its attention on India.

How serious is the matter?

NCR India managing director Navroze Dastur is of the view that ATMs of all types, irrespective of their make, are vulnerable to malware attacks. "We have advised all banks certain precautionary measures like password protection, upgrading software and whitelisting the ATM software," he said.

What should be done to minimize the risk?

NCR recommends device control for anything connectable to ATMs, using firewalls and providing the possibility to update software securely and without risks.

Whitelisting is a process that ensures only authorized programs and pre-approved applications can run on an ATM.

"So, when a new software used by a hacker attempts to barge in, the machine will not accept the same. Some of the banks have implemented it," said Dastur.

Until now, card skimming — stealing customer data to withdraw cash or carry out online transactions — had been the prime security headache for the country's banking industry. That led the Reserve Bank of India to direct banks to issue chip-based and PIN-enabled debit and credit cards.

Is malware like Tyupkin has raised the threat to a new level?

"Unlike skimming fraud, malware attacks like Tyupkin are highly coordinated, involving techies who are familiar with the functioning of ATMs and are able to locate the USB port to plant such malware," said Bharat Panchal, who heads risk management at National Payments Corporation of India (NPCI). "They key in the commands and take out the cash after receiving instructions from the mastermind who is typically located abroad."

Panchal, who had sensed the possible threat from such attacks in October 2014, is currently working with industry experts at the instruction of RBI to suggest ways to strengthen ATM security.

Even as banks, regulators and cyber security experts devise protective walls, faceless hackers are honing their tools and strategies.

(Image: Indiatimes)