Interpol has alerted banks of a new malware that is affecting ATMs across the globe allowing hackers to empty cash directly from the machines.
Yes, first they picked your pockets, then they physically robbed banks, then they targeted online banking systems, and now they have zeroed in on ATMs.
They are no longer masked men with pistols in hand; they have become cyber criminals who use sophisticated technology and algorithms to steal money directly from ATMs without even using a debit or credit card.
Kaspersky, which investigated the crime along with Interpol, has codenamed the malware Tyupkin, and Interpol has now issued a global alert to all leading banks about the discovery.
Kaspersky Lab said its experts performed a forensic investigation into such attacks and discovered a piece of malware that infects ATMs so that attackers can empty them via direct manipulation, stealing millions of dollars. Interpol alerted the affected member countries and is assisting ongoing investigations.
What’s interesting is that these cyber criminals, like traditional robbers, work mostly at night, and only on Sundays and Mondays.
But they execute their act without inserting a single credit card or debit card into the ATM slot. According to Kaspersky they “enter a combination of digits on the ATM’s keyboard, make a call to receive further instructions from an operator, enter another set of numbers and the ATM starts giving out cash, lots of cash. Then they leave.”
Explaining the modus operandi, Kaspersky said the crime is committed in two stages.
“First, they get physical access to the ATMs and insert a bootable CD to install the malware – Tyupkin. After they reboot the system, the infected ATM is under their control.
After a successful infection, the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. During those hours the attackers are able to steal money from the infected machine.”
The cybercriminals are clever: they do not want anyone else to run away with their exploits. They therefore created a system in which a unique digit-combination key based on random numbers is freshly generated for every session.
The code is then sent to a member of the group along with other instructions over the phone.
“When the key is entered correctly, the ATM displays details of how much money is available in each cash cassette, inviting the operator to choose which cassette to rob. After this the ATM dispenses 40 banknotes at a time from the chosen cassette.”
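A defender-side check for the behaviour described above, as an added example that is not from Kaspersky, Interpol or this article: it scans an ATM journal for cash dispensed with no card in the reader, and tags events that fall in the Sunday/Monday night window or match the 40-note batch size. The journal format, event names and the 22:00 to 06:00 window are assumptions, and the sample lines are constructed.

```python
from datetime import datetime

# Constructed journal lines (timestamp,atm,event,detail); not a real vendor format.
SAMPLE_JOURNAL = """\
2014-10-04 09:00:00,ATM-022,REBOOT,
2014-10-05 14:02:11,ATM-017,CARD_INSERTED,
2014-10-05 14:02:40,ATM-017,DISPENSE,notes=5
2014-10-05 14:02:55,ATM-017,CARD_EJECTED,
2014-10-06 01:13:02,ATM-017,DISPENSE,notes=40
2014-10-06 01:13:30,ATM-017,DISPENSE,notes=40
2014-10-08 02:10:00,ATM-022,DISPENSE,notes=40
"""

# Assumed night window: the article names the days but gives no hours.
NIGHT_HOURS = set(range(22, 24)) | set(range(0, 6))
WATCH_DAYS = {6, 0}   # datetime.weekday(): Sunday=6, Monday=0
BATCH_SIZE = 40       # banknotes per dispense, as reported in the article


def find_suspicious_dispenses(journal: str) -> list[dict]:
    """Return dispense events that occurred with no card in the reader."""
    card_present: dict[str, bool] = {}   # per-ATM card reader state
    alerts = []
    for line in journal.splitlines():
        if not line.strip():
            continue
        ts_raw, atm, event, detail = (f.strip() for f in line.split(",", 3))
        ts = datetime.strptime(ts_raw, "%Y-%m-%d %H:%M:%S")
        if event == "CARD_INSERTED":
            card_present[atm] = True
        elif event in ("CARD_EJECTED", "REBOOT"):
            card_present[atm] = False
        elif event == "DISPENSE" and not card_present.get(atm, False):
            notes = int(detail.partition("=")[2] or 0)
            reasons = ["no_card"]          # cash left the machine without a card
            if ts.weekday() in WATCH_DAYS and ts.hour in NIGHT_HOURS:
                reasons.append("sun_mon_night")
            if notes == BATCH_SIZE:
                reasons.append("batch_of_40")
            alerts.append({"time": ts_raw, "atm": atm,
                           "notes": notes, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_dispenses(SAMPLE_JOURNAL):
        print(alert)
```

A cardless dispense is treated as the primary signal; the day, hour and batch-size tags only raise priority, since the Wednesday event in the sample is still reported.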
According to Kaspersky, several ATMs across Latin America, Europe and Asia have already been targeted.
“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software. Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching direct APT-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure,” said Vicente Diaz, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team.
“We strongly advise banks to review the physical security of their ATMs and network infrastructure and consider investing in quality security solutions,” Diaz added.
Banks have also been urged to immediately contact law enforcement agencies within their respective countries and to overhaul their entire security systems.
Sanjay Virmani, Director of the Interpol Digital Crime Centre, said offenders are constantly identifying new ways to evolve their methodologies to commit crimes, “And it is essential that we keep law enforcement in our member countries involved and informed about current trends and modus operandi.”
Kaspersky has listed some of the measures that banks need to adopt:
Review the physical security of their ATMs and consider investing in quality security solutions.
Replace all locks and master keys on the upper hood of the ATM machines and ditch the defaults provided by the manufacturer.
Install an alarm and ensure it is in good working order. The cyber-criminals behind Tyupkin only infected ATMs that had no security alarm installed.
Change the default BIOS password.
Ensure the machines have up-to-date antivirus protection.