Cyber criminals are loading malware onto ATMs in Asia and Europe, using a key-generation system to ensure only gang members can harvest cash on the two days of each week the reprogrammed machines are open to cardless commands, according to alerts from Interpol and security firm Kaspersky.

Kaspersky said it detected the string of ATM attacks in countries in Asia, Latin America and Europe. The Russian security firm began looking into the matter after a financial institution alerted it to the situation, and Interpol stepped in to assist with the investigation.

The attackers compromise the ATMs by installing malware known as Backdoor.MSIL.Tyupkin, loading the malicious software onto the machines from CD-ROMs. Tyupkin then stays resident on the infected machines, opening up the ATMs to hackers on Mondays and Sundays only.

On either of the days the compromised ATMs are open to deliver cash without cards, the hackers use a randomly generated key to access as much cash as the machines can offer.

"Video footage obtained from security cameras of the infected ATMs showed the methodology used to access the cash from the machines," states a Kaspersky representative. "A unique digit combination based on random numbers is newly generated for every session. This ensures that no person outside the gang could accidentally profit from the fraud."

As cyberattacks increase in frequency, Kaspersky has noticed an especially large uptick in ATM attacks in recent years, according to Vicente Diaz, principal security researcher at Kaspersky Lab.

"Now we are seeing the natural evolution of this threat with cybercriminals moving up the chain and targeting financial institutions directly," says Diaz. "This is done by infecting ATMs themselves or launching direct APT-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure."

While the physical contact required to launch the attack puts the hackers out in the open, the sheer number of ATMs on the streets of Europe spreads out the risks of exposure.

"Since criminals require physical access to the ATM, that severely limits what can be achieved," said Jean-Philippe Taggart, senior security researcher at Malwarebytes Labs. "Europe has many ATMs directly on the street, and that makes them somewhat more vulnerable to physical attack."

Kaspersky recommends that banks upgrade the manufacturer-provided locks on the ATM, change the default password of the machine's basic input/output system (BIOS), update their virus protection and fit the automated tellers with alarms.
