Contactless virus in ATMs threatens losses of $2 billion

Robbing ATMs is the main source of income for hackers, and they are constantly getting better at it. Previously, to take someone else’s money, they had to install a special device on the equipment to read payment card data. Now the criminals steal money with the help of a special computer virus.


photo: Natalia Muslinkina

And the target is not even the funds of “plastic” holders, but the bills in the ATMs themselves. The scammer enters a code known only to him, and the machine dispenses large notes. As experts explain, the contactless virus is difficult to identify and, therefore, an antidote is also difficult to find. According to their forecasts, unless urgent measures are taken, banks may lose around $2 billion.

Robbing ATMs with a contactless virus is a common practice overseas. It is believed that this method of misappropriating funds originated in Mexico, and the “infection” then spread to the United States. Europe has not remained untouched either, with losses from hacker attacks estimated at $300-400 million. According to experts, the Europeans respond promptly to such attacks by computer fraudsters. As a result, they manage to get off with minor losses. Moreover, if the losses are lower than the cost of refitting the ATMs, credit institutions prefer to insure these devices against theft. If the losses are higher, the ATMs are refitted, their locks and keys are replaced, and antivirus experts are brought in to “clean up” the equipment.

In Russia, this fraud scheme has been discovered for the first time. “Whenever we talked about skimming, we always noted that the attacker needs to put something on the ATM, and now a new technology has emerged,” said Artem Sychev, deputy head of the Bank of Russia’s Main Directorate for Security and Information Protection.

However, the Central Bank did not reveal details of which banks were the first to catch the virus. As the regulator explained, “banks recommendations on how to protect themselves and customers against new threats.”

And the threat is really serious. The fact is that this virus has no file body and resides in the RAM of the ATM. As a result, an antivirus program cannot detect it, and it can live in the device for a long time. The criminals hack the banking system, then get into the computer of the employee who oversees the ATM network, and from there introduce the virus directly into the cash-dispensing device.

As Group-IB, which investigates cybercrime, explained to “MK”, the tactic is similar to that of the Cobalt group. Recall that during 2016 this hacker group attacked banks in Russia, the CIS countries, the UK, Poland, Germany, Spain, the Netherlands, Romania, Malaysia and Taiwan. “The shortest time in which these criminals obtained full control over a bank’s network was 10 minutes. After infecting it with malware, the attackers, in simple terms, gained control over the ATM network and could force the machines to give out all the bills they contained,” the Group-IB press service told “MK”.

Now the hackers have improved their method of making a profit even further. In response to a certain combination of digits, known only to the crook and almost impossible to guess on the keypad, the ATM gives the attacker the contents of the first cassette, which stores large bills.

Meanwhile, as several media outlets have reported, the devices primarily affected were those of the largest ATM manufacturer, NCR. However, bankers do not intend to give up this brand. The fact is that all ATMs run on the Windows operating system. “There might be a precedent of proceedings with Microsoft to eliminate the vulnerability. There has been none so far, but if the damage to banks grows, this is a logical step,” commented Kirill Yakovenko, an analyst at “ALOR Broker”.

In addition, according to him, the spread of such viruses is, as a rule, still preceded by a leak of information from the bank. “This type of fraud cannot be called fully contactless. The criminals need to carry out preliminary work to penetrate the ATM network, and it cannot be done without help from inside the credit organization. The solution in this situation is operational work to prevent crime, infiltration of the communities of hackers involved in these crimes, and prevention,” said Yakovenko.

According to the Interior Ministry, in 2015 the theft of 1.5 billion could not be prevented. “I believe that in this sphere the ratio of solved to unsolved crimes is approximately 1 to 30, so we can say that banks are losing around 30-45 billion rubles, or $500 million, a year to cybercrime. The fact that the virus is transmitted contactlessly increases the speed of its spread and can cause losses to grow to $1-2 billion per year,” the expert believes.