In one of the first operations of its kind in Europe, Romanian police have taken down an ATM gang suspected of using the Tyupkin ATM malware to harvest cash from ATMs.
The suspects allegedly used the Tyupkin ATM malware to trick machines into shelling out their cash. We first reported on the Tyupkin malware back in October 2015, when it was spreading across Asia, Latin America and Europe.
At the time, Kaspersky reported that cyberattacks have greatly increased in frequency in recent years, especially when it comes to ATM attacks. Kaspersky advised banks to upgrade the manufacturer-provided locks on the ATMs, change the default password of the machine's BIOS (basic input-output system), install alarms and update their antivirus protection.
The ATM malware scheme has now come to a turning point in Europe, following a successful European joint effort.
In a rare EU-wide operation, Romanian cops raided multiple houses across their own turf and the neighboring Republic of Moldova, resulting in the arrest of eight individuals. According to police, the culprits used the Tyupkin ATM malware to hack ATMs in Europe and steal cash.
EU-wide law enforcement agencies such as Europol and Eurojust assisted Romanian police in the operation to disrupt the cybercrime scheme. It remains unclear at this point just how much the cyber-robbers were able to steal with this complex fraud scheme.
Europol said this "Jackpotting" scheme, conducted by a criminal gang of Moldovan and Romanian citizens, caused "substantial losses" to the ATM industry in Europe.
"ATM 'Jackpotting' refers to the use of a Trojan horse, physically launched via an executable file in order to target an ATM, thus allowing the attackers to empty the ATM cash cassettes via direct manipulation, using the ATM PIN pad to submit commands to the Trojan," explains Europol.
ATM malware attacks have been steadily gaining ground since 2010 and are now beginning to spread globally, with Western European banks facing serious threats.
Wil van Gemert, deputy director of operations at Europol's European Cybercrime Centre (EC3), points out that ATM attacks that rely on malicious software have seen an alarming increase over the past few years.
Such carefully orchestrated schemes have a complex cybercrime aspect, according to Gemert, perfectly illustrating how criminals are always finding new means of evolving their methods and committing more sophisticated crimes.
Europol's EC3 hosted several international operational meetings to assist European police forces and analyzed intelligence to further help with the investigation. The entire operation was a collaborative international effort, marking an important milestone in countering this dangerous malware.
"To match these new technologically savvy criminals, it is essential, as it was done in this case, that law enforcement agencies cooperate with their counterparts via Europol to share information and collaborate on transnational investigations," Gemert adds.
ATM malware and logical attacks pose a severe threat, and Europol's EC3 has outlined new security guidelines to handle this new type of ATM cyber threat. The guidelines document is the first of its kind, made in collaboration with the European ATM Security Team (EAST).