Why make one’s life hard hacking consumer accounts — or taking up armed robbery — when one can get the best of both worlds by directly attacking the banks’ computers and getting ATMs to do things like start spewing cash for no apparent reason?
Taiwan and Thailand saw such attacks earlier this year when cyber criminals programmed bank ATMs to spew cash. Gang members knew when the cashsplosion was coming — and stood in front of the machines ready to scoop up millions of dollars in ill-gotten gains. In Taiwan, Taipei city police got reports of currency lying on a First Commercial Bank ATM in the city’s Da’an Precinct. Reports of loose cash at other ATMs soon followed.
And lest one think it can’t happen here in the U.S., the FBI does not agree and thinks U.S. banks could easily be in line for similar attacks. The FBI said in a bulletin that it is “monitoring emerging reports indicating that well-resourced and organized malicious cyber actors have intentions to target the U.S. financial sector.”
The FBI report pointed at software used by a Russian gang known as Buhtrap.
The FBI said hackers broke into both the Taiwan and Thailand banks with fraudulent “phishing” emails disguised to look like messages from ATM vendors or other banks. Those emails allowed cybercriminal gangs to infect banks’ computers with a modded version of the Buhtrap malware.
This attack is one in a line of recent attacks that have seen criminals retargeting their activity away from consumers and toward institutions themselves.
“These guys, who could have been in the past just gone after consumers…are breaking into financial institutions,” said Eric Chien, technical director of Symantec Corp.’s Security Technology and Response division.
Investigators say a small corps of elite hacking groups is carrying out the attacks.
“The skill level to create the malware for the actual network intrusions is a step up,” from more common ATM crimes, said Robert McArdle, a security researcher with antivirus vendor Trend Micro Inc.