$13M USD theft in ATM cash-out

The Cosmos Bank incident is the most recent event of its kind

Just a few days after the FBI warned cyber security teams in banking institutions about an imminent massive ATM robbery, a group of hackers managed to extract $13M USD from the Cosmos Bank in Pune, India, using cloned debit cards over the course of two days. Cyber security experts from the International Institute of Cyber Security consider that attacks of this kind are very likely to continue, given the large amount of debit card information available on the deep web.

Spoofed cards are the key to most ATM cash-outs, according to the FBI: “cybercriminals often create fraudulent copies of legitimate cards by sending stolen card data to their accomplices, who print the data in reusable magnetic stripe cards, such as gift cards. At a later time, the criminal network withdraws funds from the accounts via ATM”.

A cyber security firm has been tracking hacking activities in different underground markets, both in English and in Russian, and has found that, as a result of these campaigns, the market for cloned bank cards has been growing; it reports that prices for these cloned physical cards start at an average of $200 USD.

“A hacker can spend $750 USD and get the ATM card for an account with $50K USD”, security firm spokespersons said.

The most recent victim

As already mentioned, last week the FBI issued a warning about this possible massive bank theft through ATMs, and this is exactly what happened at Cosmos Bank, where large-scale fraudulent operations occurred over the last weekend.

“In India, 2800 false transactions were carried out using 400 debit cards”, said Cosmos Bank President Milind Kale to the media. “It is an international attack on the banking systems; fake cards were used and the bank’s switching system was hacked”.

A brief history of ATM thefts

ATM theft is nothing new, although the form the attack takes varies. The issue became public knowledge after Barnaby Jack, a cyber security specialist, demonstrated this attack, coining the term     . In the attack, vulnerabilities in Triton and Tranax machines were exploited to install malicious firmware and then withdraw cash from an ATM without needing an authenticated bank account.

A 2016 analysis revealed that Carbanak carried out incursions into 40 countries that resulted in accumulated losses of more than $1 billion for the financial industry. In the attack, phishing emails were used to infect the networks of the targeted banks; malicious code was then injected into the ATMs and a remote command was sent to begin the cash-out.

In 2017, the FBI caught three men visiting ATMs in Wyoming, Colorado, and Utah, stealing tens of thousands of dollars. Surveillance camera footage of one attack showed the three men opening the top of an ATM to physically inject the malware known as Ploutus.D.