Infected cash machines are giving away money to criminals


Computer viruses may make your laptop run slower and even steal personal details such as passwords, but they can also attack cash machines - with expensive results.

Experts have forensically investigated cybercriminal attacks targeting ATMs around the world and have discovered a piece of malware called 'Tyupkin' that is leaving hundreds of machines at risk.

This malicious software allows thieves to visit cash machines and empty them, stealing millions in the process, without the need for a card.

Experts have investigated cybercriminal attacks targeting ATMs around the world and discovered a piece of malware that infects them. This malicious software allows thieves to visit cash machines and empty them (illustrated with a stock image), using a unique code. It has been spotted in Latin America, Europe and Asia

Interpol is working with countries in Latin America, Europe and Asia where the malware is a problem, to stop the practice.

Criminals typically work on Sunday and Monday nights. 

They visit their chosen cash machine, which they have infected with malware, and enter a combination of digits on the keyboard, without having to insert a debit or credit card.

They then make a call to receive further instructions from a fellow thief, before entering another set of numbers. The ATM then starts giving out cash.

The attack is made up of two parts. On the first visit to a chosen machine, the thieves insert a bootable CD to install the malware, which has been named Tyupkin by Kaspersky Lab experts who carried out the investigation.

Criminals typically work on Sunday and Monday nights. They visit their chosen infected ATM and enter a combination of digits on the keyboard, without having to insert a card. A less tech-savvy method of stealing cash from machines involves watching someone punching in their PIN (stock image)

HOW DO CYBERCRIMINALS ROB ATMS AROUND THE WORLD?

The attack is made up of two parts.

A criminal first visits a chosen machine and inserts a CD to install the Tyupkin malware.

They later reboot the system, putting the infected ATM under their control.

The malware runs in an infinite loop waiting for a command.

It only accepts commands at certain times on Sunday and Monday nights.

During those hours, attackers go back to the machine and enter a unique digit combination key based on random numbers that's freshly generated for every session.

The malicious operator receives instructions by phone from another member of the gang who knows the algorithm and is able to generate a session key based on the number shown.

When the key is entered correctly, the ATM displays details of how much money is available in each cash cassette, inviting the operator to choose which cassette to rob.

After this, the ATM dispenses 40 banknotes at a time from the chosen cassette.

The cybercriminals later reboot the system, putting the infected ATM under their control.

After a successful infection, the malware runs in an infinite loop waiting for a command. 

To make the scam harder to spot, Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. 

During those hours, the attackers are able to steal money from the infected machine.

Video footage obtained from security cameras at targeted cash machines shows thieves entering a unique digit combination key.

It is based on random numbers and is freshly generated for every session. 

This ensures that no person outside the gang can accidentally profit from the fraud.

The malicious operator then receives instructions by phone from another member of the gang who knows the algorithm and is able to generate a 'key' based on the number shown. 

This ensures the mules collecting the cash do not try to go it alone and make a run for it.

When the key is entered correctly, the ATM displays details of how much money is available in each cash cassette, inviting the operator to choose which cassette to rob. 

After this, the ATM dispenses 40 banknotes at a time from the chosen cassette.
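From the defender's side, the behaviour described above (cash dispensed with no card inserted, 40 notes at a time, on Sunday and Monday nights) can be looked for in an ATM's transaction journal. The following is an added example, not code from Kaspersky Lab or Interpol; the journal format, the event names and the ATM identifier are constructed for illustration.

```python
from datetime import datetime

# Constructed journal lines in a hypothetical format:
# timestamp, ATM id, event name, optional key=value fields.
SAMPLE_LOG = """\
2014-10-03T14:02:11 ATM-017 CARD_INSERTED
2014-10-03T14:02:40 ATM-017 DISPENSE cassette=1 notes=5
2014-10-03T14:02:55 ATM-017 CARD_EJECTED
2014-10-04T02:13:09 ATM-017 REBOOT
2014-10-05T23:41:07 ATM-017 DISPENSE cassette=2 notes=40
2014-10-05T23:41:30 ATM-017 DISPENSE cassette=2 notes=40
2014-10-08T10:15:00 ATM-017 CARD_INSERTED
2014-10-08T10:15:20 ATM-017 DISPENSE cassette=1 notes=2
2014-10-08T10:15:31 ATM-017 CARD_EJECTED
"""

def parse(line):
    """Split one journal line into (timestamp, atm_id, event, fields)."""
    ts, atm, event, *fields = line.split()
    return datetime.fromisoformat(ts), atm, event, dict(f.split("=", 1) for f in fields)

def find_cardless_dispenses(log_text):
    """Return every DISPENSE event that happened with no card session open."""
    card_present = {}  # ATM id -> True while a card is in the reader
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, atm, event, kv = parse(line)
        if event == "CARD_INSERTED":
            card_present[atm] = True
        elif event in ("CARD_EJECTED", "REBOOT"):
            card_present[atm] = False  # a reboot ends any open session
        elif event == "DISPENSE" and not card_present.get(atm, False):
            alerts.append({
                "time": ts, "atm": atm,
                "cassette": kv.get("cassette"),
                "notes": int(kv.get("notes", 0)),
                # Context taken from the article, used to prioritise the alert
                "sun_or_mon": ts.weekday() in (6, 0),  # Sunday=6, Monday=0
                "forty_notes": kv.get("notes") == "40",
            })
    return alerts

if __name__ == "__main__":
    for alert in find_cardless_dispenses(SAMPLE_LOG):
        print(alert)
```

On the constructed sample, the two Sunday-night dispenses that follow the unexplained reboot are flagged, while the card-initiated withdrawals are not.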

Interpol is working with countries in Latin America, Europe and Asia where the malware is a problem to stop the practice. This image shows an analyst combing through code in the malware lab in a bid to understand how it works and create defensive strategies, at Idaho National Laboratory

WHAT CAN BANKS DO TO MITIGATE THE RISK? 

  • Review the physical security of their ATMs and consider investing in quality security solutions.
  • Replace all locks and master keys on the upper hood of the ATM machines and ditch the defaults provided by the manufacturer.
  • Install an alarm and ensure it is in good working order. The cybercriminals behind Tyupkin only infected ATMs that had no security alarm installed.
  • Change the default password.
  • Ensure the machines have up-to-date antivirus protection. 

'Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software. 

'Now we are seeing the natural evolution of this threat with cybercriminals moving up the chain and targeting financial institutions directly,' said Vicente Diaz, Principal Security Researcher at Kaspersky Lab's Global Research and Analysis Team.

'This is done by infecting ATMs themselves or launching direct Advanced Persistent Threat (APT)-style attacks against banks.

'The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure.'

Kaspersky has advised banks to review the physical security of their ATMs and network infrastructure to combat the problem.

Sanjay Virmani, Director of the Interpol Digital Crime Centre, said: 'Offenders are constantly identifying new ways to evolve their methodologies to commit crimes, and it is essential that we keep law enforcement in our member countries involved and informed about current trends and modus operandi.'


