
Criminals are siphoning millions from ATMs. Here's how they can be stopped



A spate of high-profile thefts at automated teller machines (ATMs) has sparked alarm and sent law enforcement officials into a tizzy.

But a British cybersecurity firm reckons swindlers can be stopped in their tracks with the help of machine learning and a bit of math.

ATMs have long been a target for criminals, although the style of attacks has evolved in recent years; from illegally tampering with the cash dispensing machines, many are now turning to more sophisticated means of gaining access, by infecting ATMs with malware.

Malware is a generic term for a variety of malicious software that can pose serious cybersecurity threats.

Earlier this year, a gang stole $13 million from ATMs in a three-hour, 14,000 withdrawal spree in Japan, while in Taiwan, hackers breached a major domestic bank in July and used malware to withdraw more than $2 million from dozens of ATMs, reported Reuters.

The Bangkok Post further reported a group made off with 12 million baht ($346,926) from ATMs belonging to the state-run Government Savings Bank (GSB) in Thailand in August.

More worryingly, the attacks aren't restricted to Asia alone.

Analytics software company FICO said in a study in April that the number of ATMs in the U.S. that were compromised by criminals rose 546 percent in 2015 over the previous year, the highest growth rate ever observed by the company.

Attacks on ATMs are just one of the major threats facing companies as hackers and cyber criminals have been using increasingly sophisticated means to attack targets ranging from the Democratic National Committee to technology firm Yahoo.

Analysts say that investing heavily in firewalls is no longer enough to contend with the multitude of cyber threats companies face. Often, an organization may not be aware of being compromised until much later, when most of the damage has already been done.

Harnessing the power of machines

Cambridge-based Darktrace's Asia Pacific managing director, Sanjay Aurora, told CNBC in an interview that malware can breach a company's network and sit idle for as many as 200 days, quietly gathering information before launching a major attack.

Because businesses can have hundreds of connected devices transmitting large volumes of data all at the same time, it is impossible for security personnel to track all the anomalies in the network before they morph into serious cybersecurity threats.

"That's where you use machine learning to interpret all the variety of so-called small events - some related, some unrelated - and use mathematics to say hey this is a leading indicator to an insider threat because I have not seen this there before," explained Aurora.


Machines have superior processing power and can scan through huge volumes of data. Theoretically, a piece of computer software can be programmed to learn and become smarter in the way it catches anomalous patterns in a company's networks.

The advantage it has over traditional firewalls is that the latter looks only for known anomalous patterns and every time a new threat is uncovered, the code must be updated for it to be effective. And keeping a large network up to date with the latest security updates can take time and is costly.

Aurora said the thing organizations need to understand is that the "threat is inside, something will [always] bypass" the firewall.

Going after the weakest link

Banks and financial institutions are a key target for hackers because of the vast amount of money they handle regularly. Accordingly, these institutions invest heavily to protect their core assets, such as intellectual property and other vital information.

Given how extensive a big bank's network can be, other areas do not receive similar levels of protection. These so-called weak links are now attracting hackers' attention.

ATMs are one such weak link, said Aurora. Other cybersecurity experts agreed.

"ATM machines still rely on outdated operating systems like Windows XP, which is threat-prone, since Microsoft ended support for it in 2014," Dhanya Thakkar, managing director and vice president for Asia Pacific at Trend Micro, told CNBC by email.

Ending support implied Microsoft would not release any new security updates to protect the operating system against new threats.

Hackers typically attack ATMs using malware through the following steps, according to Thakkar:

1. Access the ATM system either physically or through a bank's internal network
2. Install a malware and infect the core of the ATM, which communicates with the bank's infrastructure, cash and credit card processing functions
3. Hackers can then withdraw all the funds in the ATM or steal data from cards used by others, including bank account and personal identification numbers.

Kaspersky Labs' Alexey Osipov said many hackers don't even go near an ATM machine to carry out an attack or profit from it.

"Different underground forums share and sell information about attacking ATMs," Osipov told CNBC by phone. That means a person could theoretically write lines of code for malware and only "sell his intellectual property to other criminals."

In the case of the Thailand heist, however, analysis from American network security company FireEye suggested possible coordination among attackers in the virtual and the physical world.

FireEye's Daniel Regalado observed in an August blog post that the malware used in the Thailand attacks - dubbed "RIPPER" - built on existing malware used to expel cash from ATMs, but also "used some interesting techniques not seen before."

Regalado noted the malware interacted with ATMs using a specially manufactured ATM card with an EMV chip that served as the authentication mechanism.

EMV, which stands for Europay, MasterCard and Visa (the three companies that originally started it), is a technical standard used by credit and debit payment cards that uses
