Recent Blog Entries
exbane - Nov 28 2016 11:58 AM
Sharatie - Oct 28 2016 02:18 PM
mashti - Mar 06 2015 08:13 AM
cmylxgo - Mar 01 2015 09:45 PM
CCSA Checkpoint 156-215.77
mashti - Feb 20 2015 10:03 AM
svenables35 - Oct 07 2014 12:52 PM
dpuc - Aug 25 2014 02:21 PM
nikeldev - Jun 21 2014 06:44 PM
silenciovoid - May 06 2014 06:41 AM
Unregisterred - Mar 27 2014 09:43 AM
Hackers target ATMs across Europe as cyber threat grows
By This $5 USB device can hijack your computer in 30 seconds
“They are taking this to the next level in being able to attack a large number of machines at once,” said Nicholas Billett, Diebold Nixdorf’s senior director of core software and ATM Security. “They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.”
Group IB declined to name banks that were “jackpotted,” a term used to describe forcing ATMs to spit out cash, but said the victims were located in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, Britain and Malaysia.Indeed, Dmitry Volkov, head of threat intelligence with Group IB, told Reuters he expects more heists on ATMs.
More Heists Expected
Hackers have moved from stealing payment card numbers and online banking credentials to more lucrative hacks on bank networks, giving them access not only to ATM machines, but also to electronic payment networks.
A February attack on servers at Bangladesh’s central bank that controlled access to the SWIFT messaging system yielded more than $81 million in one of the biggest digital heists on record. Russian banks lost over $28 million in a series of wire-fraud cases that were identified earlier this year.
“What we are seeing demonstrated is the new model of organized crime,” said Shane Shook, an independent security consultant who helps banks and governments investigate cyber attacks and reviewed Group IB’s findings.
Diebold Nixdorf and NCR both said they had provided banks with information on how to thwart the new types of attacks.
“We have been working actively with customers, including those who have been impacted, as well as developing proactive security solutions and strategies to help prevent and minimize the impact of these attacks,” said Owen Wild, NCR’s global marketing director for enterprise fraud and security.
Disclosure of the campaign follows two ATM hacks in July: $2.5 million was stolen from Taiwan’s First Bank and $350,000 from Thailand’s state-run Government Savings Bank.
Russian hackers accused of post-election attacks on US think tanks
Hackers remotely infected ATMs at both banks, forcing them to spit out cash that was collected by teams of “money mules,” who authorities say traveled to Asia from Eastern Europe.
One Criminal Group?
The US Federal Bureau of Investigation earlier this month sent a private alert to American banks, warning them to be on the lookout for attacks on ATMs following the heists in Taiwan and Thailand, the Wall Street Journal reported on Monday.
An FBI spokesman declined to comment on the attacks in Europe.
Group IB released a report describing its findings late on Monday, saying it believed the attacks across Europe were conducted by a single criminal group which it dubbed Cobalt.
It named them after a security-testing tool known as Cobalt Strike, which the perpetrators used in the heists to help them move from computers in the bank network that were infected with tainted emails to specialized servers that control ATMs.
Group IB believes that Cobalt is linked to a well-known cyber crime gang dubbed Buhtrap, which stole 1.8 billion rubles ($28 million) from Russian banks from August 2015 to January 2016, because the two groups use similar tools and techniques.
Buhtrap stole money through fraudulent wire transfers, not ATM jackpotting.
The ATM Security Association declined to comment on Group IB’s findings.
Members of the group, which works to improve ATM security, include ATM maker Diebold Nixdorf as well as banks ABN Amro, Bank of America Corp, Royal Bank of Scotland Group and Wells Fargo & Co.
Representatives of Europol, which coordinates investigations of cyber crimes across Europe, had no immediate comment.