Cyber criminals in Eastern Europe have evolved their attacks against ATMs. We have seen cyber criminals try various tricks that solely target users, such as card skimmers that steal debit card numbers, but they are now using specialized malware that lets them steal millions of dollars in cash from ATMs around the world without having to use a debit or credit card.
The Tyupkin malware attack was detected by the Russia-based security firm Kaspersky Lab, which was asked by an unknown financial organization to investigate the attack.
There are currently no details about the criminal gang behind the attacks, but the gang has stolen “millions of dollars” from ATMs worldwide using the Tyupkin malware, Kaspersky Lab and Interpol, who are working together to foil the gang, said in a joint statement released on Tuesday.
“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software,” said Vicente Diaz, principal security researcher at Kaspersky Lab.
“Now we are seeing the natural evolution of this threat with cyber criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching direct Advanced Persistent Threat (APT)-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure.”
Here’s how the Tyupkin Malware attack works:
- First, the cyber criminals need to physically insert a bootable CD, which installs the Tyupkin malware.
- Once the ATM machine is rebooted, the ATM is under the control of the cyber criminal gang.
- The sophisticated Tyupkin malware then runs in the background on an infinite loop awaiting a command from the attacker’s side.
- The Tyupkin malware only accepts commands at specific times, namely on Sunday and Monday nights, making it harder to detect.
- To activate the malware, a unique combination key based on random numbers is generated, so that the possibility of a member of the public accidentally entering a code can be avoided.
- The criminal operator receives a phone call from another member of the criminal gang who knows the algorithm and is able to generate a session key based on the number shown. This helps prevent members of the gang from going it alone.
- When this session key is entered correctly, the ATM machine will display details of how much money is available in each cash cassette, inviting the operator to choose which cassette to steal from, and the number of available banknotes.
- After this, the ATM dispenses a maximum of 40 banknotes at a time from the chosen cassette.
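For defenders, the steps above translate into a journal check: cash leaving a cassette with no card session open, weighted by the Sunday/Monday night window and the 40-note batch. The sketch below is an added example, not code from Kaspersky Lab or any ATM vendor; the log format, event names, ATM ids and the 22:00 to 06:00 definition of "night" are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample journal; the "timestamp atm_id EVENT key=value" format is hypothetical.
SAMPLE_LOG = """\
2014-09-26T14:02:10 ATM-07 CARD_INSERTED
2014-09-26T14:02:55 ATM-07 DISPENSE cassette=1 notes=5
2014-09-26T14:03:05 ATM-07 CARD_EJECTED
2014-09-27T03:15:00 ATM-07 REBOOT
2014-09-28T23:41:07 ATM-07 DISPENSE cassette=2 notes=40
2014-09-28T23:42:30 ATM-07 DISPENSE cassette=2 notes=40
2014-09-30T01:10:00 ATM-07 DISPENSE cassette=3 notes=12
2014-10-01T12:00:00 ATM-09 DISPENSE cassette=1 notes=3
"""

NIGHT_START, NIGHT_END = 22, 6  # assumed hours; the article only says "nights"
WINDOW_DAYS = {6, 0}            # datetime.weekday(): Sunday=6, Monday=0
MAX_BATCH = 40                  # per-dispense maximum reported in the article

def in_window(ts):
    """True if ts falls in a Sunday or Monday night (small hours count for the evening before)."""
    is_night = ts.hour >= NIGHT_START or ts.hour < NIGHT_END
    return is_night and (ts - timedelta(hours=NIGHT_END)).weekday() in WINDOW_DAYS

def find_cardless_dispenses(log_text):
    """Return one alert per DISPENSE event that occurs while no card session is open."""
    card_open, rebooted, alerts = {}, set(), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines without a parseable timestamp
        atm, event = parts[1], parts[2]
        fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
        if event == "CARD_INSERTED":
            card_open[atm] = True
        elif event == "CARD_EJECTED":
            card_open[atm] = False
        elif event == "REBOOT":
            card_open[atm] = False  # a reboot ends any open card session
            rebooted.add(atm)
        elif event == "DISPENSE" and not card_open.get(atm, False):
            notes = int(fields.get("notes", 0))
            alerts.append({"time": ts, "atm": atm, "notes": notes,
                           "in_window": in_window(ts),
                           "full_batch": notes == MAX_BATCH,
                           "after_reboot": atm in rebooted})
    return alerts
```

A cardless dispense is the alert on its own; the window, batch size and prior reboot flags only help rank which ATMs to inspect first.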
Countries affected by Tyupkin malware:
During the investigation, the security researchers found the malware on more than 50 ATMs at banking institutions throughout Eastern Europe and Russia. The malware appears to have since spread to the United States, India, China, Israel, France and Malaysia.