AN ATM STICKUP: Two methods used to fleece cash machines

Philipsburg – VIJAY SHAH via TecNovedosos

Earlier this year, specialists working at Russian cybersecurity firm Kaspersky Lab announced at a conference held in the Dutch Caribbean territory of Sint-Maarten that bank robbers have found two new and quite ingenious ways to target ATMs and relieve them of their cash deposits. The IT experts made a presentation in front of delegates at the Computer Security Summit, held on the 4th of April, 2017, where they warned that thieves were upping their game in their attacks on automated bank tellers. Gone were the days when all it took was a rope, a heavy-duty vehicle and a small amount of explosives to break into an ATM.

According to a report published in Spanish language online magazine tecnovedosos.com, sophisticated robbers now have two tactics at their disposal, cases of which have already been reported by banks in Russia and Europe. In many of these cases, the robberies only took a matter of seconds.

The first tactic reported by security specialists involves drilling a small hole into the ATM keypad without triggering the machine’s automatic security sensors. A hacker then uses special equipment to directly access the onboard computer and decodes the machine’s electronic signals, essentially forcing the machine to electronically hand over all its cash. The robbers then empty the ATM of its cash reserves. This tactic exploits a vulnerability in a certain model of ATM, manufactured by a single company, though the Kaspersky Lab researchers did not say which company.

The second tactic involves a more elaborate and far-reaching approach targeting the bank itself. Cybercriminals infect the bank’s IT systems with a powerful virus that targets the part of the network that manages the ATMs. Once the virus is entrenched, it is remotely activated by the criminals using the bank’s own systems. A command is sent out by the virus to the ATMs to release their cash reserves. The robber then only needs to pay a visit to the compromised ATM and withdraw all the money, a procedure that takes only a few minutes and will not arouse the suspicions of bank security staff. In the eyes of criminals, it also cuts out the risk associated with traditional bank robberies involving ‘stick-ups’.

The ATMs are compromised by robbers quite easily, and once the heist is complete, the hackers wipe out the virus to cover their tracks. The virus, known as ATMitch, has been reported by hacked banks in Russia and neighbouring Kazakhstan.

In the UK, no cases involving these tactics have yet been reported. Most ATMs are zeroed in on by less technologically savvy robbers who resort to blowing up cash machines or ripping them out of walls. In the past few years, some fraudsters have adopted a more scientific approach, attaching special skimming devices to the card reader slots of ATMs. These devices masquerade as part of the machine and catch people’s card details and PINs, which the robbers gather from the device and then use to empty the victims’ accounts. Others have been caught attaching pinhole cameras which watch people enter their PINs. ATM users are advised to always shield their PINs when using cash machines, and to be wary of people standing over them or observing them using the keypad.

SOURCES:

Vijay Shah { विजय }, Twitter, Twitter Inc. https://twitter.com/VShah1984

Tecnología GM 🔹‏, Twitter, Twitter Inc. https://twitter.com/TecnologiaGM

“Descubren dos ingeniosas tácticas para sacarle el dinero a los cajeros automáticos” – tecnovedosos.com/TecNovedosos (5 April 2017) https://www.tecnovedosos.com/metodos-para-robar-cajeros-automaticos/

IMAGE CREDITS:

“Free photo: Scam, Atm, Security, Bank, Money – Free Image on Pixabay – 2048851” – mrganso, Pixabay (4 February 2017) https://pixabay.com/en/scam-atm-security-bank-money-2048851/

“🇸🇽 Sint Maarten on Twitter Twemoji 2.0” – Emojipedia/Emojipedia Pty Ltd https://emojipedia.org/twitter/twemoji-2.0/flag-for-sint-maarten/

WANNACRY ATTACK: NHS, major organisations left reeling by co-ordinated hack

Winnipeg – VIJAY SHAH via Winnipeg Free Press and ReportCA.net

Several of the United Kingdom’s National Health Service trusts, as well as numerous large companies across the globe, are still recovering from a large-scale ‘unprecedented’ ransomware cyber attack which occurred this weekend, ReportCA.net wrote yesterday.

The ‘cyberextortion’ attack, which involved hackers accessing computers via phishing emails, and locking systems and encrypting company data, also affected numerous firms engaged in the manufacturing, finance and transport sectors. Government agencies were also caught up in the debacle. Technicians at the NHS, which offers subsidised healthcare in the U.K., scrambled to limit the spread of the ransomware, which caused problems with accessing patient data and hospital appointments, among other things. Many companies ordered their employees to disconnect their workstations from the Internet and to avoid opening emails from unfamiliar sources.

Such was the scale of this weekend’s mass attack that Microsoft was moved to change its cybersecurity policy, making updates and patches available free of charge for computers running older packages such as Windows XP, which many small and medium enterprises still rely on, due to the expense of system upgrades or lack of technical knowledge and ICT skills.

Apart from the NHS, Spain’s Telefonica and Iberdrola also reported computers being targeted. The German national railway Deutsche Bahn was another victim. ReportCA.net published a photo taken by an eyewitness at Chemnitz rail station, showing a display board for train times. The screen was partly obscured by a red and white pop-up with a padlock logo, a sight reported by other victims of the attack. The hackers locked out users and demanded payment in bitcoin currency to release encrypted data. Other victims included the Russian Interior Ministry, the country’s mobile phone operators MTS and MegaFon, French car maker Renault, and football clubs in Europe. One long-established club, IF Odd, said Saturday that its online ticketing service was crippled by the ransomware.

The British home secretary Amber Rudd said that one in five of her country’s 248 NHS trusts, which manage hospitals and patient services above general practitioner level, had been hit. Thousands of patient appointments and operations, including for serious conditions, were cancelled, as medical staff were frozen out of their databases and systems. According to Rudd, 48 trusts were affected, but quick reaction times by their ICT departments meant that as of yesterday, only six were still reporting issues. The National Cyber Security Centre also stepped in to mitigate the impact of the attack.

Cybersecurity officials urged both individuals and companies to ensure they regularly update their anti-virus and security systems, install security updates if they are Windows users and back up data on a separate server or in the cloud.

The source of the attack is as yet unknown, although Russian and Chinese hackers have targeted companies and governmental agencies in the West in past years. Two cybersecurity firms, Avast and Kaspersky Lab, have said that the ransomware attacked PCs in 70 countries, with Russia the most affected. There have been reports that the hackers used the WannaCry ransomware program, said to have been based on spying technology utilised by America’s NSA (National Security Agency). More than 36,000 infections were detected by yesterday. It is reported that the hackers behind ‘WannaCry’ stole the hacking tools from the NSA, which created the tool to exploit a loophole in Microsoft’s Windows operating system.

Ori Eisen, founder of Trusona cybersecurity firm in Scottsdale, Arizona, USA, warned that the WannaCry attack is just the beginning and another more advanced attack could have serious and potentially lethal implications. Speaking with the Associated Press news agency, Eisen said: “This is child’s play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?” he asked.

“Today, it happened to 10,000 computers,” Eisen said. “There’s no barrier to do it tomorrow to 100 million computers.”

International policing agency Europol described the attack as at “an unprecedented level and will require a complex international investigation to identify the culprits.”

The onslaught of WannaCry was successfully halted after a 22-year-old British cybersecurity researcher, known only by his or her tag ‘MalwareTech’, accidentally stumbled across a ‘kill switch’ that disabled the ransomware. By entering a nonsensical domain name, MalwareTech was able to stop the malware spreading further. He or she purchased the domain name for around £9, yet this quick-thinking decision saved companies millions in potential damage control. The kill switch only worked for those not yet affected, however, and many organisations who were already hit were forced to pay the ransom demand or call up emergency data stocks.

SOURCES:

HEM Newsbreakers, HEM News Agency, Twitter, Twitter Inc. https://twitter.com/halfeatenmind/lists/hem-newsbreakers

Report 24 Canada, Twitter, Twitter Inc. https://twitter.com/Report24CA

“Unprecedented global “ransomware” attack seeks cash for data” – Winnipeg Free Press via ReportCA.net (13 May 2017) https://reportca.net/2017/05/unprecedented-global-ransomware-attack-seeks-cash-for-data/

IMAGE CREDIT:

“File:Wana Decrypt0r screenshot.png” – WannaCry via SecureList, Wikimedia Commons (12 May 2017) https://commons.wikimedia.org/wiki/File:Wana_Decrypt0r_screenshot.png