European police smash ATM malware gang

European police have arrested eight cyber criminals who raided automatic teller machines (ATMs) across the continent using Tyupkin malware.

The malware enabled the gang of Romanian and Moldovan nationals to manipulate ATMs and empty cash cassettes.

According to Europol, this is one of the first law enforcement operations against this form of cyber crime, known as ATM “jackpotting”.

An investigation by security firm Kaspersky Lab in 2014 found that the Tyupkin ATM malware was found mainly in Eastern Europe, but was also in use in the US, India and China.

Download this free guide

3 key web security guidelines from FS-ISAC

We address the ongoing issues regarding web security for businesses relying on an online presence. Download this e-guide and discover how to identify and address overlooked web security vulnerabilities as well as why you should look at the full security development lifecycle to reduce web threats.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

The arrests and house searches in Romania and Moldova were conducted by the Romanian National Police and Romania’s Directorate for Investigating Organised Crimes and Terrorism (DIICOT) in collaboration with Europol, Eurojust and several European law enforcement authorities.

Europol did not specify how much money the gang was able to plunder, but said it had caused “substantial losses” across Europe.

Europol's European Cybercrime Centre (EC3) supported police forces across Europe in their efforts to identify the suspects by hosting a number of international operational meetings and analysing intelligence.

Europol said the joint international effort followed previous successful action against the threat posed by this type of malware.

Wil van Gemert, Europol’s deputy director operations, said there had been a major increase in ATM attacks using malicious software in the past few years.

“The sophisticated cyber crime aspect of these cases illustrates how offenders are constantly identifying new ways to evolve their methodologies to commit crimes,” he said.

“To match these new technologically savvy criminals, it is essential, as was done in this case, that law enforcement agencies co-operate with their counterparts via Europol to share information and collaborate on transnational investigations.”

EC3, which recognises the severity of the threat presented by ATM logical and malware attacks, has published security guidelines concerning this new cyber threat to ATMs.

The guidelines were produced in collaboration with the European ATM Security Team (East).

Europol said the guidelines are an example of a co-ordinated central response from law enforcement organisations and the industry to fight ATM malware threats by responding much more quickly and effectively. However, circulation of the document is restricted to law enforcement and to the banking and payments industry.