[stock-market-ticker symbols="FB;BABA;AMZN;AXP;AAPL;DBD;EEFT;GTO.AS;ING.PA;MA;MGI;NPSNY;NCR;PYPL;005930.KS;SQ;HO.PA;V;WDI.DE;WU;WP" width="100%" palette="financial-light"]

Cyber criminals remotely forced ATM-s to spit out cash – attacks reported even on banks in Romania

23 noiembrie 2016

Hackers have moved from stealing payment card numbers and online banking credentials to more lucrative hacks on bank networks, giving them access not only to ATM machines, but also to electronic payment networks.

Cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe this year, using malicious software that forces machines to spit out cash, according to Russian cyber security firm Group IB.


Diebold Nixdorf and NCR Corp, the world’s two largest ATM makers, said they were aware of the attacks and have been working with customers to mitigate the threat. The newly disclosed heists across Europe follow the hacking of ATMs in Taiwan and Thailand that were widely reported over the summer.

In July: $2.5 million was stolen from Taiwan’s First Bank and $350,000 from Thailand’s state-run Government Savings Bank. Hackers remotely infected ATMs at both banks, forcing them to spit out cash that was collected by teams of „money mules,” who authorities say traveled to Asia from Eastern Europe.

Although cyber criminals have been attacking cash machines for at least five years, the early campaigns mostly involved small numbers of ATMs because hackers needed to have physical access to cash out machines.

The recent heists in Europe and Asia were run from central, remote command centers, enabling criminals to target large numbers of machines in „smash and grab” operations that seek to drain large amounts of cash before banks uncover the hacks.

“They are taking this to the next level in being able to attack a large number of machines at once,” said Nicholas Billett, Diebold Nixdorf’s senior director of core software and ATM Security. “They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.”

Group IB declined to name banks that were “jackpotted,” a term used to describe forcing ATMs to spit out cash, but said the victims were located in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, Britain and Malaysia.Indeed, Dmitry Volkov, head of threat intelligence with Group IB, told Reuters he expects more heists on ATMs.

Group IB released a report describing its findings late on Monday, saying it believed the attacks across Europe were conducted by a single criminal group which it dubbed Cobalt. (www.group-ib.com/cobalt.html)

It named them after a security-testing tool known as Cobalt Strike, which the perpetrators used in the heists to help them move from computers in the bank network that were infected with tainted emails to specialized servers that control ATMs.

Group IB believes that Cobalt is linked to a well-known cyber crime gang dubbed Buhtrap, which stole 1.8 billion rubles ($28 million) from Russian banks from August 2015 to January 2016, because the two groups use similar tools and techniques.

Source: Reuters

Noutăți
Cifra/Declaratia zilei

Anders Olofsson – former Head of Payments Finastra

Banking 4.0 – „how was the experience for you”

So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”

Many more interesting quotes in the video below:

Sondaj

In 23 septembrie 2019, BNR a anuntat infiintarea unui Fintech Innovation Hub pentru a sustine inovatia in domeniul serviciilor financiare si de plata. In acest sens, care credeti ca ar trebui sa fie urmatorul pas al bancii centrale?