Criminals are using malware to infect cash machines and steal millions in ready money, Kaspersky Lab has revealed.
The campaign was uncovered after Kaspersky was contacted by an unnamed financial institution that had been hit by the attack.
So far the malware has been found on over 50 ATMs at banking institutions in eastern Europe. It is also thought to have spread to the US, India and China.
The scam works by gaining physical access to the ATM and inserting a CD that contains the malware, codenamed Tyupkin by Kaspersky.
Once installed, the crooks can reboot the system and control the machine. Using a unique code, they then log-in to the system and force it to hand over the cash.
The attackers have used some clever methods to avoid detection. The malware is operable only on Sunday or Monday nights, and requires a code generated randomly from another location and provided to the ‘money mule’ at the ATM.
Kaspersky said this ensures that the crooks in charge do not have to worry about a member of the public somehow being given cash, or a subordinate attempting to ‘go rogue’ and use the machine when they want. A video below show the hack in action.
Kaspersky urged financial firms to take immediate action on the threat. This included replacing the physical locks on ATMs, installing alarms, changing the default BIOS password and installing anti-virus software.
“The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure,” said Vicente Diaz, principal security researcher at Kaspersky Lab’s Global Research and Analysis Team.
“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software. Now we are seeing the natural evolution of this threat with cyber criminals moving up the chain and targeting financial institutions directly."
Sanjay Virmani, director of the Interpol Digital Crime Centre, said the latest threat underlined the myriad risks faced by organisations.
“Offenders are constantly identifying new ways to evolve their methodologies to commit crimes, and it is essential that we keep law enforcement in our member countries involved and informed about current trends and modus operandi,” he said.
Latest Tesla news: Tesla share price continues to fall after Saudi Arabia's sovereign wealth fund is linked to investment in rival
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
RTX 280 Ti will come with 11GB of fast GDDR6 video RAM with a 352-bit memory bus offering 616Gbps
The scale of jobs lost to automation will be at least as large as those in the first three industrial revolutions
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC