As reported, this hybrid attack hit many banking institutions, which suffered losses in the course of the intrusion.
An ATM hacking campaign that targeted numerous banks in Eastern Europe and Russia earlier this year saw an unknown hacker group steal a total of around 40 million dollars (£30m). This was not an ordinary attack like other financial institution hacking campaigns: it combined a cyber intrusion with a physical component.
The hackers withdrew large sums of cash from the targeted banks’ ATMs located in countries other than the banks’ home country. This ensured that the cybercriminals could steal millions without the targeted banks realising that a breach had occurred.
According to the security experts at Trustwave who investigated the attacks, the cybercriminals recruited “mules” to visit the targeted banks in person, open a new bank account and request a debit card linked to that account. The mules then handed these debit cards on to conspirators located outside the banks’ country. Once all the cards had been opened, issued and distributed, the hackers, who had meanwhile already breached the banks’ networks, “accessed the bank’s internal systems and manipulated the debit cards’ properties to permit a high overdraft level and removed anti-fraud controls that had been put in place for the specific accounts.”
The debit cards were then used to withdraw large amounts of cash from multiple ATMs. “The physical counterparts stationed at various locations in Eastern Europe and the Russian Federation then cashed out significant amounts of money for each of those cards from ATM terminals. Cash withdrawal across the region commenced within minutes of the first OD property change made to the debit cards in the card management software,” Trustwave security researchers Thanassis Diogos and Sachin Deodhar stated in a report. The hackers managed to make away with up to 10 million dollars from each targeted bank.
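The detail that matters most to a defender here is the timing: cash-outs abroad began within minutes of the first overdraft property change in the card management software. The following Python script, added here as an illustration and not taken from Trustwave or the article, shows how a monitoring team could correlate a bank's card-management audit trail with its ATM withdrawal log to catch that pattern. The event names, field names, country codes and log lines are constructed for the example and are assumptions about how such systems log; real systems will differ.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (assumption: field names and event names are illustrative,
# not those of any real card management system or ATM switch).
# Card-management audit trail: property changes made to debit cards.
CARD_MGMT_AUDIT = [
    "2017-01-10T02:03:11Z card=4111***1111 actor=svc_admin event=OD_LIMIT_CHANGE old=0 new=50000",
    "2017-01-10T02:03:40Z card=4111***1111 actor=svc_admin event=FRAUD_RULE_DISABLED rule=velocity_check",
    "2017-01-10T02:04:05Z card=4111***2222 actor=svc_admin event=OD_LIMIT_CHANGE old=0 new=50000",
    "2017-01-10T09:15:00Z card=4111***3333 actor=branch_teller event=OD_LIMIT_CHANGE old=0 new=500",
]
# ATM withdrawal log; the issuing bank sits in country "AA", other codes are foreign.
ATM_WITHDRAWALS = [
    "2017-01-10T02:09:30Z card=4111***1111 atm_country=BB amount=2000",
    "2017-01-10T02:11:02Z card=4111***1111 atm_country=BB amount=2000",
    "2017-01-10T02:12:48Z card=4111***2222 atm_country=CC amount=1500",
    "2017-01-10T10:30:00Z card=4111***3333 atm_country=AA amount=100",
]

WINDOW = timedelta(minutes=30)  # how soon after a change a foreign cash-out is suspicious


def parse(line):
    """Parse one 'timestamp key=value ...' log line into a dict."""
    ts, *kvs = line.split()
    rec = dict(kv.split("=", 1) for kv in kvs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def is_risky_change(rec):
    """A risky change is any removal of an anti-fraud control or any overdraft increase."""
    if rec["event"] == "FRAUD_RULE_DISABLED":
        return True
    if rec["event"] == "OD_LIMIT_CHANGE":
        return int(rec["new"]) > int(rec["old"])
    return False


def correlate(audit_lines, atm_lines, issuer_country, window=WINDOW):
    """Flag foreign withdrawals that follow a risky card change within the window."""
    changes = defaultdict(list)
    for rec in map(parse, audit_lines):
        if is_risky_change(rec):
            changes[rec["card"]].append(rec)

    alerts = []
    for w in map(parse, atm_lines):
        if w["atm_country"] == issuer_country:
            continue  # domestic withdrawals are not the pattern described
        for c in changes.get(w["card"], []):
            delta = w["ts"] - c["ts"]
            if timedelta(0) <= delta <= window:
                alerts.append({
                    "card": w["card"],
                    "change": c["event"],
                    "actor": c["actor"],
                    "minutes_to_cashout": delta.total_seconds() / 60,
                    "atm_country": w["atm_country"],
                    "amount": int(w["amount"]),
                })
                break  # one alert per withdrawal is enough
    return alerts


def campaign_summary(alerts):
    """Group alerts by the account that made the change: many cards cashed out
    abroad shortly after changes by a single actor is the campaign-level signal."""
    by_actor = defaultdict(lambda: {"cards": set(), "total": 0})
    for a in alerts:
        by_actor[a["actor"]]["cards"].add(a["card"])
        by_actor[a["actor"]]["total"] += a["amount"]
    return {actor: {"cards": len(v["cards"]), "total": v["total"]}
            for actor, v in by_actor.items()}


if __name__ == "__main__":
    found = correlate(CARD_MGMT_AUDIT, ATM_WITHDRAWALS, "AA")
    for a in found:
        print(f"{a['card']}: {a['change']} by {a['actor']}, "
              f"{a['minutes_to_cashout']:.1f} min before cash-out in {a['atm_country']}")
    print(campaign_summary(found))
```

The legitimate branch change to card 3333 produces no alert because the only withdrawal that follows it is domestic and outside the window, while both cards altered by the single service account are flagged within ten minutes of the change. In practice the correlation would also want the two logs joined on a stable card identifier rather than a masked PAN, and the per-actor summary is where an alert on the administrative account itself, rather than on individual cards, would be raised.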
The police and authorities were able to follow up on some of the mules’ meetings with other suspected members of the hacker group through security camera footage from some of the ATMs used to withdraw the money. “These meetings were most likely to deliver the stolen cash, after keeping their fee,” the researchers stated.
The hackers managed to compromise the targeted banks’ corporate admin account, which in turn gave the attackers complete access to the banks’ infrastructure. The hackers also installed a legitimate monitoring tool known as Mipko (marketed as an employee tracking tool), which can capture screens, keystrokes and more.
The hackers also used specialised malware to leave no trace of their activities, in an effort to hinder future analysis and investigation of the affected systems. According to Trustwave researchers, the attackers’ “tradecraft” suggests the involvement of organised cybercrime syndicates.
It is still unclear how many banks were affected and whether any of the targeted organisations were able to identify where the money was moved and/or recover it. The identity of the hacker group also remains unknown.