Criminals are using malware to infect cash machines and steal millions in ready money, Kaspersky Lab has revealed.
The campaign was uncovered after Kaspersky was contacted by an unnamed financial institution that had been hit by the attack.
So far the malware has been found on over 50 ATMs at banking institutions in eastern Europe. It is also thought to have spread to the US, India and China.
The scam works by gaining physical access to the ATM and inserting a CD that contains the malware, codenamed Tyupkin by Kaspersky.
Once installed, the crooks can reboot the system and control the machine. Using a unique code, they then log-in to the system and force it to hand over the cash.
The attackers have used some clever methods to avoid detection. The malware is operable only on Sunday or Monday nights, and requires a code generated randomly from another location and provided to the ‘money mule’ at the ATM.
Kaspersky said this ensures that the crooks in charge do not have to worry about a member of the public somehow being given cash, or a subordinate attempting to ‘go rogue’ and use the machine when they want. A video below show the hack in action.
Kaspersky urged financial firms to take immediate action on the threat. This included replacing the physical locks on ATMs, installing alarms, changing the default BIOS password and installing anti-virus software.
“The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure,” said Vicente Diaz, principal security researcher at Kaspersky Lab’s Global Research and Analysis Team.
“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software. Now we are seeing the natural evolution of this threat with cyber criminals moving up the chain and targeting financial institutions directly."
Sanjay Virmani, director of the Interpol Digital Crime Centre, said the latest threat underlined the myriad risks faced by organisations.
“Offenders are constantly identifying new ways to evolve their methodologies to commit crimes, and it is essential that we keep law enforcement in our member countries involved and informed about current trends and modus operandi,” he said.
Warming was most pronounced in Siberia region
The tank will be subjected to high stresses and loads via dozens of hydraulic cylinders during testing
'Sunlit wet sidewalk' provides evidence of methane rainfall on the north pole of Saturn's moon Titan
Methane rainfall indicates the start of the summer season in Titan's northern hemisphere
Scientists believe there could be other hydrides or superhydrides with super conducting properties