11 December 2017
visit www.solutions.lexisnexis.com

ATM overdraft hack helps crooks steal millions from ex-Soviet banks

10 October 2017  |  5556 views  |  0 atm

Hackers have stolen millions of dollars from banks in former Soviet states by breaking into their IT networks to increase overdraft limits on fraudulently opened accounts and then making ATM withdrawals.

TrustWave, which uncovered the scam, says that it has found around $40 million in fraudulent withdrawals but expects the total losses to be in the hundreds of millions of dollars.

The gang sent mules with fake identities to bank branches to set up accounts and request debit cards. Then, the hackers manipulated the overdraft limits associated with these cards, removing any restrictions in the core card processing system. Finally, the cards were sent to new mules abroad, who withdrew massive amounts of cash from ATMs despite the fact the accounts were virtually empty.

The crooks used an old-fashioned phishing campaign to install remote access malware on bank staffers' computers in order to increase the overdraft limits.

TrustWave says that because legitimate debit cards, rather than stolen ones, were used, and the attackers removed anti-fraud controls for the accounts, the cash-outs did not trigger any alarms in the bank systems.

The overdraft limit changes and ATM withdrawals were carried out almost simultaneously, the kind of coordination which TrustWave says is a "strong indicator of organised crime activities".

Says the firm: "Organisations need to expand their defensive security strategy to assume that they have "already been compromised" and actively search for threats to detect and minimise damage.

"This is known as Threat Hunting and helps businesses detect existing adversaries moving laterally within their infrastructures and mitigate these threats before they have a chance to realize their full potential."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

ATM black box attacks soar in Europe

ATM black box attacks soar in Europe

06 October 2017  |  7902 views  |  0 comments | 5 tweets | 8 linkedin
European ATM skimming ring brought to justice

European ATM skimming ring brought to justice

15 June 2017  |  10168 views  |  1 comments | 5 tweets | 9 linkedin
Twenty-seven arrested over ATM jackpotting attacks

Twenty-seven arrested over ATM jackpotting attacks

22 May 2017  |  6258 views  |  0 comments | 6 tweets | 6 linkedin
WannaCry ransomware: Indian banks told to update ATM software

WannaCry ransomware: Indian banks told to update ATM software

15 May 2017  |  6870 views  |  5 comments | 5 tweets | 12 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.aciworldwide.comvisit www.solutions.lexisnexis.comvisit www.atos.net

Top topics

Most viewed Most shared
Revolut lets customers buy Bitcoin, Litecoin and EthereumRevolut lets customers buy Bitcoin, Liteco...
18243 views comments | 26 tweets | 22 linkedin
Saxo Bank's 'Outrageous Prediction': Bitcoin to peak at $60k next year before spectacular crashSaxo Bank's 'Outrageous Prediction': Bitco...
11144 views comments | 7 tweets | 7 linkedin
Deutsche Bank paper hails 'huge' blockchain potentialDeutsche Bank paper hails 'huge' blockchai...
7107 views comments | 13 tweets | 21 linkedin
Santander UK poaches Barclays innovation chief Michael HarteSantander UK poaches Barclays innovation c...
6505 views comments | 8 tweets | 17 linkedin
Barclays, First Direct and Nationwide join FCA sandbox cohortBarclays, First Direct and Nationwide join...
5903 views comments | 5 tweets | 12 linkedin

Featured job

Competitive base, commission, benefits
London, UK

Find your next job