Over 1.4 billion Yen was reportedly stolen in a span of two and a half hours across automated teller machines (ATMs) found in over 1,400 convenience stores in Japan this month. According to the local police, the simultaneous theft occurred on March 15, when money was illegally withdrawn from ATMs located in Tokyo and 16 other locations including Kanagawa, Aichi, Osaka, and Fukuoka.
Law enforcement officials believe that the extraction was conducted by a group of more than 100 criminals between 5am and 8am using fraudulent credit cards containing information leaked by a bank in South Africa. It was reported that there were more than 14,000 transactions made. With each transaction extracting 100,000 Yen (or $900 USD)—the maximum credit card withdrawal limit used in the said machines—the operation successfully amassed an amount equivalent to US$13 million.
Authorities are currently looking into how the theft was stealthily coordinated and carried out. It is believed that the group behind the operation strategically withdrew money outside the nation where the 1,600 credit cards containing leaked data (by way of hacking or other method) originated. Authorities are currently devising ways to identify and analyze images recorded from security cameras. Investigations on the cybersecurity front will also be conducted with the help of South African law enforcement agencies via Interpol to determine how data was mined from the South African bank.
This recent heist is reminiscent of a series of illegal withdrawals using fake bank cards from ATMs in over 26 countries including Tokyo, from 2012 to 2013, in which about 4.5 billion Yen was stolen. In the past two years, cybersecurity experts have seen a 15% increase in ATM-related fraud attacks from 2014 to 2015—with malware usage for ATM fraud believed to be a growing trend that is here to stay.
Financial Sector in Peril
This year, financial institutions have been taking a beating from cybercriminals, with a string of banks falling prey to online crooks who used varying techniques to steal money and valuable data.
By the end of last week, a lawsuit divulging details of a breach that led to the theft of over $12 million USD surfaced. Hackers illegally gained access to codes used by Ecuadorian bank Banco del Austro and used them to move money via the global interbank network SWIFT. At the tail end of April, another banking institution, Qatar National Bank, acknowledged a breach orchestrated by a Turkish hacking group that resulted in a massive 1.5-gigabyte data dump consisting of customer information, from bank credentials and telephone numbers to payment card details and dates of birth. While bank officials disclosed that the incident had no financial impact on its customers, the cybercriminals were able to get their message across that even the biggest institutions could easily be compromised.
In March, cybercrime group Buhtrap was identified as being behind the spear-phishing campaign that led to the loss of almost 2 billion rubles (or US$26 million), conducted in 13 successful attacks on various Russian banks. In February 2016, the biggest, “most ambitious thefts committed via cybercrime” was carried out by an unknown group that almost extracted more than a billion US dollars from the Bangladesh Central Bank. While the completion of the master plan using stolen codes via SWIFT was thwarted, the cybercriminals still managed to move over US$80 million to a Philippines-based account in just hours.
These incidents show that cybercriminals are paying increasing attention to the financial sector and continuing to devise a number of ways to turn reputable institutions into victims. Martin Roesler, Trend Micro threat research director, drew lessons on cybersecurity from the massive bank heist in a blog entry: “Security should not be a simple item on a checklist. It should be a process, an attitude, and a mindset.” He adds, “The incident involving the Bangladesh Central Bank adds to the growing list of proof points that support this statement, especially now that cyber-attacks are getting bigger and definitely more ‘real’ in terms of impact.”