13 October 2014

TYUPKIN MALWARE HACKING ATM MACHINES WORLDWIDE; REMAIN HIGH-PRIORITY TARGETS FOR CYBER CRIMINALS

October 8, 2014 

Tyupkin Malware Hacking ATM Machines Worldwide; Remain High-Priority Targets For Cyber Criminals


Mohit Kumar, writing on the October 7, 2014 website, TheHackerNews,com, writes that “criminals are using sophisticated malware that targets Automated Teller Machine (ATMs) systems to withdraw cash — even without,” having a debit card. The new, backdoor program, called ‘Tyupkin,’ ‘requires physical access to the ATM system, running 32-bit Windows platform; and, booting it off a CD in order to install the malware. According to the researchers, the threat has continue to evolve in recent months, infecting ATMs in Asia, Europe, and Latin America.”

Mr. Kumar writes that, “there are no details relating to the criminal gang behind the attacks, but they have already stolen “millions of dollars” for ATMs worldwide — using sophisticated malware, security firms Kaspersky and Interpol, who are working together in an attempt to foil the criminal gang,” said a joint statement released on Tuesday.

“Over the last few years, we have observed a major upswing in ATM attacks, using skimming devices and malicious software,” said Vicente Diaz, Principal Security Researcher at Kaspersky Labs. “Now, we are seeing the natural evolution of this threat with cyber criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves, or launching direct Advanced Persistent Threat (APT)-style attacks against banks. The Tyupkin malware is an example of attackers taking advantage of weaknesses in the ATM infrastructure.”

How Tyupkin Attack Works

“In order to install the malicious backdoor,” Mr. Kumar writes, “money mules need to physically insert a bootable CD, which installs the malware. Once the machine is rebooted, the ATM is under the control of the criminal gang. The sophisticated malware then runs in the background on an infinite loop, awaiting a command from an attacker’s side. However, the malware will only accept commands at specific times — in this case, Sunday and Monday nights — making it harder to detect. Furthermore, a unique combination key based on random numbers is generated — so that the possibility of a member of the public accidentally entering a code can be avoided. This key code needs to be entered, before the main menu is shown.”

“The malicious operator receives instructions by phone, from another member of the gang who knows the algorithm; and, is able to generate a session key based on the number shown,” Kaspersky stated in its release. “This ensures that the mules collecting the cash do not try to go it alone.”

“When this session key is entered correctly,” Mr. Kumar writes, “the ATM displays details of how much money is available in each cash cassette, inviting the operator to choose which cassette to steal from; and, the number of available banknotes — the ATM dispenses a maximum of 40 at a time from the chosen cassette.”

Countries Affected By Tyupkin

Mr. Kumar notes that “during the investigation, the researchers found more than 50 ATMs — from banking institutions throughout Eastern Europe, and most of the Tyupkin submissions came from Russia. The malware appears to have since spread to the United States, India, China, Israel, France, and Malaysia.”

“The scam has even been caught on video, as many of the ATMs have cameras,” Mr. Kumar noted. Kaspersky Labs has informed law enforcement about the issue; and, also alerted banks and financial sectors of the steps needed to prevent this type of attack.”

Attacking or hacking into ATM machines isn’t a new phenomena and the this threat has existed for years. And, unfortunately, they are likely to remain a high-priority target by cyber criminals. And, the cyber criminals are getting increasingly clever and using more sophisticated and deceptive methods to evade detection. Lucian Constantin, writing on the October 7, 2014 website, PCWorld.com, “in one of the most memorable presentations ever, at the Black Hat Security Conference held in Las Vegas in the summer of 2010, a hard-ware hacker named Barnaby Jack compromised an ATM on stage, forcing it to spew out cash. Jack used a combination of physical access to the ATM’s USB ports and a software exploit.”

While the sophistication and intricacy needed to successfully carry out this kind of attack — thank goodness — requires more than an average understanding of how ATMs and financial institutions networks are configured, one has to assume that there will always be that individual that is working on a simpler; but, no less harmful method of stealing money.

One of the recommendations made, “banks should install alarm systems for physical access for ATMs. It was underscored that “the cyber criminals behind Tyupkin only infected ATMs that had no security alarm installed.”

Wonder if we could use this technique in an offensive manner, against drug kingpins, al Qaeda, ISIS, and others. V/R, RCP

No comments: