Cyber criminals appear to have stepped up their games, as they have unleashed an invincible malware attacks on Automated Teller Machines (ATMs) of banks.
According to MailOnline, passwords and financial data have been stolen from more than 140 banks and other enterprises in 40 countries using the organisations’ own software within the last few months.
Experts have therefore sought increased measures against Nigeria’s vulnerability, calling for concerted efforts between the Central Bank of Nigeria (CBN) and the financial institutions in the country to safeguard the operations of about 17, 398 ATMs in the country. The ATMs carried out about N4.9 trillion worth of transactions in 2016.
The digital strikes targeted computers that operate ATMs, letting hackers ‘push money out of the banks from within the banks’. The malware hides itself in the computer’s memory to avoid detection, and researchers say they have no idea who is behind it.
“It is not known who is behind the attacks, Kaspersky Labs, who discovered the exploit,” said. “The use of open source exploit code, common Windows utilities and unknown domains makes it almost impossible to determine the group responsible – or even whether it is a single group or several groups sharing the same tools,” it stated.
The U.S., France, the U.K., Ecuador and Kenya are the top five nations affected by the hack, with the U.S. being the hardest hit with 21 incidents.
Other countries include Brazil, Tunisia, Egypt, Russia, Turkey, Israel, Uganda, Spain, Saudi Arabia, China, Congo, Libya, Peru, Tanzania, Kazakhstan, Ukraine and others. The hit enterprise includes the banks, government organisations and telecommunications companies.
Other countries include Brazil, Tunisia, Egypt, Russia, Turkey, Israel, Uganda, Spain, Saudi Arabia, China, Congo, Libya, Peru, Tanzania, Kazakhstan, Ukraine and others. The hit enterprise includes the banks, government organisations and telecommunications companies.
The ATM Industry Association (ATMIA) said there are now close to three million cash machines installed worldwide. Accordingly, the code invisibly collects the passwords of system administrators so that the attackers could remotely control the victim’s systems.
“The ultimate goal appears to have been access to financial processes,” said Kaspersky Lab expert, Kurt Baumgartner, adding, “What’s interesting here is that these attacks are ongoing globally against banks themselves. The banks have not been adequately prepared in many cases to deal with this.”
Baumgartner went on to say that those conducting the attacks are “pushing money out of the banks from within the banks” by targeting computers that operate ATMs.
Unlike most other attacks, it drops no malware files onto the hard drive, but hides them in the memory. This combined approach helps to avoid detection by white listing technologies, and leaves forensic investigators with almost no artefacts or malware samples to work with.
Speaking to The Guardian, on the issue as it relates to Nigeria, the Chief Operating Officer, Manna Microfinance Bank, Tobe Nnadozie, the cyber attacks target mostly online platforms in Nigeria.
He stressed that banks that also try to do short cut by running payments on plain platforms without the security layers are the first set of casualties this will hit.
According to him, when the cyber fraudsters want to attack, they start with avenues they can easily penetrate. “Unfortunately for the industry, except we move on time, if they are able to hack into all these avenues, the danger is that there may be other bank cardholders that transact on these unsecured layers or the expired certificate layers and they will get their fingers burnt.”
0 comments:
Post a Comment