Banks in at least 14 countries, including Russia, the UK, the Netherlands and Malaysia, have been attacked by this criminal group.
The 'touchless jackpotting' technique employed does not involve any physical manipulation of ATMs.
Bank systems are infected using tools that are widely available in public sources.
The shortest time taken to obtain total control over the banking network – 10 minutes.
How this attack’s malware spreads through internal banking networks and provides for its survivability.
Functional specifics of the ATM malware used to dispense money on demand.
The attack scheme and roles of group members.
Indicators of Compromise and attack prevention tactics.
Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being 'on the radar' of security services. That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly.
Head of the Investigation Department
and the Threat Intelligence service
Threat Intelligence subscribers are always at the forefront and were made aware of the recent Buhtrap spear-phishing emails the same day they were sent. Additionally, reports included both mailing details and payload analysis. The data we provided proved vital in preventing attacks against clients exposed to Buhtrap risks.
We help to prevent and investigate cyber attacks at every stage, from reconnaissance or preparation to threat actors taking actions to achieve objectives. Furthermore, we prevent the spread of the attack and ensure that your infrastructure is clean of the presence of infection.
Learn about threats, leakages, attacks, and hacking activity before they can harm your business
Detect malicious incidents in your internal network to prevent intrusions, attacks, data leaks, and espionage
CERT-GIB – 24/7 emergency response and effective incident management
The largest computer forensics laboratory in Eastern Europe, with an experienced investigation team
Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud. Since 2003, the company has been active in the field of computer forensics and information security, protecting the largest international companies against financial losses and reputation risks.
We are recognized by Gartner as a threat intelligence vendor with strong cyber security focus and the ability to provide leading insight to the Eastern European region, and we are recommended by the Organization for Security and Co-operation in Europe (OSCE).
Group-IB’s experience and threat intelligence have been fused into an eco-system of highly sophisticated software and hardware solutions to monitor, identify and prevent cyber threats.