Tyupkin – Have you heard of it? Whether you’re familiar with this ATM-manipulating malware or not, NuSource Financial is here to shed some light.
Tyupkin is a type of malware that allows attackers to empty an ATM’s cash cassettes via direct manipulation, without using a debit or credit card. Many experts are referring to these attacks as “jackpotting,” since criminals are able to completely drain ATMs of their cash – millions of dollars, to be specific.
So how does it work?
According to Kaspersky Lab’s Global Research & Analysis Team, the criminals work in two stages. Kaspersky states, “First, criminals gain physical access to the ATMs and insert a bootable CD to install the Tyupkin malware. After they reboot the system, the infected ATM is now under their control and the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, the Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. During those hours, the attackers are able to steal money from the infected machine.”
Using malware to “cash out” ATMs appears to be the new cybercriminal tactic of choice. Because of this, financial institutions should take the necessary precautions to protect their assets. Since criminals need physical access to the ATM when transferring the malware, physical security and virus protection are the places to start when it comes to preventing Tyupkin and other Advanced Targeted Attacks (ATA).
Here’s what you can do…
- Review your physical security and update your video, camera and alarm systems if needed.
- Consider the physical environment of your ATM deployment: Lobby ATMs should not be deployed in 24/7 unattended environments without compensating physical security controls. Through-the-wall ATMs might be better suited for these locations since access to the ATM becomes more restricted.
- Password protect your ATM system settings: This is a service NuSource provides as standard policy.
- Do not rely on antivirus protection as your main deterrent: Standard Antivirus (Gen1) and White Listing Software (Gen2) will not protect against most Zero-Day and Advanced Targeted Attacks (Gen3).
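
A monitoring check that complements the controls above, as an added example that is not part of the original article: it scans ATM journal lines for the two behaviours described earlier, a reboot nobody scheduled and cash dispensed without a card. The journal format, event names, `ticket` field and 120-second window are assumptions made for illustration, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed journal lines in a hypothetical
# "timestamp atm_id EVENT [key=value ...]" format.
SAMPLE_JOURNAL = """\
2024-03-01T10:15:02 ATM-01 CARD_AUTH txn=1001
2024-03-01T10:15:20 ATM-01 DISPENSE txn=1001 notes=5
2024-03-03T22:40:11 ATM-02 REBOOT
2024-03-03T23:05:47 ATM-02 DISPENSE notes=40
2024-03-03T23:06:30 ATM-02 DISPENSE notes=40
2024-03-04T02:00:00 ATM-01 REBOOT ticket=MW-7
"""

# Assumed maximum gap between a card authorization and its dispense.
AUTH_WINDOW = timedelta(seconds=120)


def parse(line):
    """Split one journal line into (time, atm, event, fields)."""
    ts, atm, event, *rest = line.split()
    fields = dict(kv.split("=", 1) for kv in rest)
    return datetime.fromisoformat(ts), atm, event, fields


def find_alerts(journal):
    """Return (timestamp, atm, reason) tuples for events that need review."""
    alerts = []
    last_auth = {}  # atm -> (time, txn) of the latest unused authorization
    for line in journal.splitlines():
        if not line.strip():
            continue
        ts, atm, event, fields = parse(line)
        if event == "CARD_AUTH":
            last_auth[atm] = (ts, fields.get("txn"))
        elif event == "DISPENSE":
            # One authorization covers exactly one dispense.
            auth = last_auth.pop(atm, None)
            ok = (auth is not None
                  and ts - auth[0] <= AUTH_WINDOW
                  and fields.get("txn") == auth[1])
            if not ok:
                alerts.append((ts.isoformat(), atm,
                               "dispense without card authorization"))
        elif event == "REBOOT" and "ticket" not in fields:
            # Reboots are expected only under a maintenance ticket.
            alerts.append((ts.isoformat(), atm,
                           "reboot without maintenance ticket"))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_JOURNAL):
        print(*alert)
```

The check does not depend on the day or hour, so it still fires if the command window differs from the Sunday and Monday nights reported.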