ATMs around the world are falling victim to malicious software that allows thieves to withdraw large amounts of cash at any given time.
Forensic experts are investigating a string of cybercriminal attacks targeting ATMs using a piece of malware Kaspersky Lab experts call "Tyupkin," according to the Daily Mail. The malicious software allows thieves to visit cash machines and drain them—stealing millions in the process—without the need of a credit or debit card, the newspaper said.
Interpol is working with countries in Latin America, Europe and Asia where the malware has been a problem.
The criminals typically work on Sunday and Monday nights, the Mail said. Once an ATM has been chosen, the criminals insert a bootable CD in order to install the malware. At this point the thieves enter a combination of digits on the keyboard, without having to insert a debit or credit card, according to the paper.
After the combination of digits has been entered, the cybercriminals reboot the system, putting the machine under their control, the report said. After a successful infection, the malware runs in an infinite loop waiting for the criminal to enter another command. It is at this point that the thief calls a fellow thief in order to receive the set of digits that will eventually dispense the stolen cash.
The digits that are entered are completely random and unique to the heist. This ensures that no one outside the gang can accidentally profit from the fraud.
The cybercriminal receives instruction over the phone from an operator who knows the algorithm and is able to generate a "key" based on the number shown on the machine. This ensures that the cash mules don't attempt to do the heist alone and run away with the cash.
When the correct key is entered, the ATM displays how much cash is available in each cassette, inviting the thief to choose which cassette to rob from.
The ATM then dispenses cash 40 banknotes at a time from the selected cassette.
"Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software," said Vicente Diaz, principal security researcher at Kaspersky Lab's Global Research and Analysis Team, according to the Mail. "Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly."
"This is done by infecting ATMs themselves or launching direct Advanced Persistent Threat style attacks against banks," he added. "The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure."
Kaspersky has advised banks to review the physical security of their ATMs and network infrastructure to fight the problem.
"Offenders are constantly identifying new ways to evolve their methodologies to commit crimes," said Sanjay Virmani, director of the Interpol Digital Crime Center, the newspaper reported. "It is essential that we keep law enforcement in our member countries involved and informed about current trends and modus operandi."