20 October 2017
Register now

ATM overdraft hack helps crooks steal millions from ex-Soviet banks

10 October 2017  |  4611 views  |  0 atm

Hackers have stolen millions of dollars from banks in former Soviet states by breaking into their IT networks to increase overdraft limits on fraudulently opened accounts and then making ATM withdrawals.

TrustWave, which uncovered the scam, says that it has found around $40 million in fraudulent withdrawals but expects the total losses to be in the hundreds of millions of dollars.

The gang sent mules with fake identities to bank branches to set up accounts and request debit cards. Then, the hackers manipulated the overdraft limits associated with these cards, removing any restrictions in the core card processing system. Finally, the cards were sent to new mules abroad, who withdrew massive amounts of cash from ATMs despite the fact the accounts were virtually empty.

The crooks used an old-fashioned phishing campaign to install remote access malware on bank staffers' computers in order to increase the overdraft limits.

TrustWave says that because legitimate debit cards, rather than stolen ones, were used, and the attackers removed anti-fraud controls for the accounts, the cash-outs did not trigger any alarms in the bank systems.

The overdraft limit changes and ATM withdrawals were carried out almost simultaneously, the kind of coordination which TrustWave says is a "strong indicator of organised crime activities".

Says the firm: "Organisations need to expand their defensive security strategy to assume that they have "already been compromised" and actively search for threats to detect and minimise damage.

"This is known as Threat Hunting and helps businesses detect existing adversaries moving laterally within their infrastructures and mitigate these threats before they have a chance to realize their full potential."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

ATM black box attacks soar in Europe

ATM black box attacks soar in Europe

06 October 2017  |  7136 views  |  0 comments | 5 tweets | 8 linkedin
European ATM skimming ring brought to justice

European ATM skimming ring brought to justice

15 June 2017  |  9957 views  |  1 comments | 5 tweets | 9 linkedin
Twenty-seven arrested over ATM jackpotting attacks

Twenty-seven arrested over ATM jackpotting attacks

22 May 2017  |  6084 views  |  0 comments | 6 tweets | 6 linkedin
WannaCry ransomware: Indian banks told to update ATM software

WannaCry ransomware: Indian banks told to update ATM software

15 May 2017  |  6644 views  |  5 comments | 5 tweets | 12 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.niceactimize.com Register now

Who is commenting?

Top topics

Most viewed Most shared
Ripple looks to drive bank adoption with $300m XRP rebate programmeRipple looks to drive bank adoption with $...
15883 views comments | 12 tweets | 4 linkedin
Swift positive on blockchain, but big challenges remainSwift positive on blockchain, but big chal...
8994 views comments | 16 tweets | 23 linkedin
satelliteGates Foundation backs Ripple collaboratio...
8105 views comments | 13 tweets | 10 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
7175 views comments | 9 tweets | 17 linkedin
Santander InnoVentures leads $6m funding round for Mexico's ePesosSantander InnoVentures leads $6m funding r...
6312 views comments | 6 tweets | 3 linkedin

Featured job

Find your next job