After spotting that many of the ATMs in India are old and use outdated software, Russian hackers are now trying to attack them using Tyupkin, a virus that has the sinister power to force cash machines into maintenance mode and spew out currency notes. A shadowy Russian teenager has emerged as the new threat to Indian banks. He’s said to hack ATMs using the virus. This malware, detected by Kaspersky Lab as Backdoor.MSIL.Tyupkin, affects ATMs from a major ATM manufacturer running 32-bit Microsoft Windows.
About a month ago, NCR Corp, the world’s largest maker of ATMs, alerted banks about the malware. The 19-year-old Russian’s tentacles are suspected to have reached deep into India after some people were discovered trying to rob ATMs in Surat by infecting the cash machines. The Gujarat police arrested them and the case is under investigation.
The modus operandi involves taking off the side or back panel of an ATM and then plugging in a USB drive or rebooting the machine. Once the ATM is infected, a few simple keystrokes cause the cash to flow out. The malware also uses several sneaky techniques to avoid detection. First of all, it is only active at a specific time at night. It also uses a key based on a random seed for every session. Without this key, nobody can interact with the infected ATM.
A year ago, cyber attacks had rattled banks in Europe and parts of Asia and Latin America. A Russian gang, known as Anunak in the world of cyber crime, that was responsible for the attacks is said to have turned its attention to India, having spotted a vulnerability: many of its ATMs are old and use outdated software.
“ATMs of all types, irrespective of their make, are vulnerable to malware attacks,” NCR India managing director Navroze Dastur told ET. “We have advised all banks certain precautionary measures like password protection, upgrading software and whitelisting the ATM software.” He also added: “NCR recommends device control for anything connectable to ATMs, using firewalls and providing the possibility to update software securely and without risks.”
Until now, card skimming — stealing customer data to withdraw cash or carry out online transactions — had been the prime security headache for the country’s banking industry. That led the Reserve Bank of India to direct banks to issue chip-based and PIN-enabled debit and credit cards. But malware such as Tyupkin raises the threat to a new level.
“Unlike skimming fraud, malware attacks like Tyupkin are highly coordinated, involving techies who are familiar with the functioning of ATMs and are able to locate the USB port to plant such malware,” said Bharat Panchal, who heads risk management at National Payments Corporation of India (NPCI). “They key in the commands and take out the cash after receiving instructions from the mastermind who is typically located abroad.”
Even as banks, regulators and cyber security experts devise protective walls, faceless hackers are honing their tools and strategies.