
Hackers use 'disappearing malware,' steal $800,000 from ATMs

THE ASIAN AGE
Published : Apr 4, 2017, 12:34 pm IST
Updated : Apr 4, 2017, 12:36 pm IST

The only clue left behind was a note stating, ‘Take my money, bitch.’

The log files left behind make it obvious that the bank was hacked. However, researchers need samples of the ‘missing malware’ that was on the machines to analyse how the robbers pulled off the heist.

It was like a scene from a movie: hackers in Russia managed to drain around eight of a Russian bank's ATMs of almost a million dollars' worth of rubles in a single night. The incident happened last year, and the bank found the heist captured on tape when it went through its surveillance camera footage.

Motherboard reported that the Russian bank was looted by a lone culprit who managed to grab a stack of bills worth $100,000 from each of its machines. The worst part: he did not even touch the machine.

The ATMs were hacked with malware that made them spew around 40 bills at a time. In less than 20 minutes a single ATM was left dry, and the culprit moved on to the next machine in the city to do the same. The entire incident was captured on camera, and the bank contacted the Russian cybersecurity firm Kaspersky Lab for an investigation. The only evidence was the CCTV recording.

The hackers' method was a mystery, as the bank found absolutely no trace of any malware on the ATMs or its backend networks. There were no signs of intrusion either. The only clue left behind was two log files that held a record of everything on the machine before the money disappeared. The logs included one line in English, stating ‘Take my money, bitch.’

"Our theory is that during the uninstall [of the malware], something went wrong with the malware and that's why the [log] files were left," says Sergey Golovanov, principal security researcher with Kaspersky in Russia, who investigated the heists, reported Motherboard.

Earlier this year too, Kaspersky reported that invisible ‘fileless’ attacks were used to target more than 140 banks in Europe.

‘Fileless malware attacks use the existing legitimate tools on a machine so that no malware gets installed on the system, or they use malware that resides only in the infected machine's random-access-memory, rather than on the hard drive, so that the malware leaves no discernible footprint once it's gone,’ reported Motherboard. The method was used to target two Russian banks that night.

 

‘The heist worked in three stages, with the first two using commands that instructed the ATM to withdraw the bills stored in cassettes and place them in line to be dispensed, and the third stage using a command that opened the mouth of the ATM. It was at this point that the command, "Take the money bitch," appeared in the log file, and possibly on the ATM's screen as well to signal the money mule to grab the bills and go,’ a security analyst from Kaspersky told Motherboard in an interview.

The log files left behind make it obvious that the bank was hacked. However, researchers need samples of the ‘missing malware’ that was on the machines to analyse how the robbers pulled off the heist.

No arrests have been made in the heist yet. Kaspersky thinks the culprits might be connected to one of two previously known gangs of bank hackers, known as and Carbanak.
