21 July 2018
Visit www.gemalto.com

ATM overdraft hack helps crooks steal millions from ex-Soviet banks

10 October 2017  |  6175 views  |  0 atm

Hackers have stolen millions of dollars from banks in former Soviet states by breaking into their IT networks to increase overdraft limits on fraudulently opened accounts and then making ATM withdrawals.

TrustWave, which uncovered the scam, says that it has found around $40 million in fraudulent withdrawals but expects the total losses to be in the hundreds of millions of dollars.

The gang sent mules with fake identities to bank branches to set up accounts and request debit cards. Then, the hackers manipulated the overdraft limits associated with these cards, removing any restrictions in the core card processing system. Finally, the cards were sent to new mules abroad, who withdrew massive amounts of cash from ATMs despite the fact the accounts were virtually empty.

The crooks used an old-fashioned phishing campaign to install remote access malware on bank staffers' computers in order to increase the overdraft limits.

TrustWave says that because legitimate debit cards, rather than stolen ones, were used, and the attackers removed anti-fraud controls for the accounts, the cash-outs did not trigger any alarms in the bank systems.

The overdraft limit changes and ATM withdrawals were carried out almost simultaneously, the kind of coordination which TrustWave says is a "strong indicator of organised crime activities".

Says the firm: "Organisations need to expand their defensive security strategy to assume that they have "already been compromised" and actively search for threats to detect and minimise damage.

"This is known as Threat Hunting and helps businesses detect existing adversaries moving laterally within their infrastructures and mitigate these threats before they have a chance to realize their full potential."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

ATM black box attacks soar in Europe

ATM black box attacks soar in Europe

06 October 2017  |  8760 views  |  0 comments | 5 tweets | 8 linkedin
European ATM skimming ring brought to justice

European ATM skimming ring brought to justice

15 June 2017  |  11020 views  |  1 comments | 5 tweets | 9 linkedin
Twenty-seven arrested over ATM jackpotting attacks

Twenty-seven arrested over ATM jackpotting attacks

22 May 2017  |  6736 views  |  0 comments | 6 tweets | 6 linkedin
WannaCry ransomware: Indian banks told to update ATM software

WannaCry ransomware: Indian banks told to update ATM software

15 May 2017  |  7456 views  |  5 comments | 5 tweets | 12 linkedin

Related blogs

Create a blog about this story (membership required)
Visit info.nice.comVisit iliad-solutions.com/Visit https://secure.vasco.com

Who is commenting?

Top topics

Most viewed Most shared
Calmejane quits Lloyds Bank to join SocGenCalmejane quits Lloyds Bank to join SocGen
13080 views comments | 6 tweets | 7 linkedin
Hong Kong plans September go-live for blockchain-based trade financeHong Kong plans September go-live for bloc...
10685 views comments | 9 tweets | 17 linkedin
Mastercard enlists Worldpay to push Vocalink's Pay by Bank appMastercard enlists Worldpay to push Vocali...
9857 views 19 comments | 15 tweets | 30 linkedin
IBM to test dollar-pegged 'stablecoin'IBM to test dollar-pegged 'stablecoin'
6965 views comments | 4 tweets | 14 linkedin
Bringing about new systems and faster payments globallyBringing about new systems and faster paym...
6808 views comments | 2 tweets | 7 linkedin

Featured job

Basic c Euro 120K, Variable Euro 120K - full ben...
Paris prefered London possible

Find your next job