FOLLOWING the recent malicious software attack on Government Savings Bank ATMs, a Russian expert on cyber security has advised Thai banks to be more serious about developing cyber intelligence in order to help them understand the risks from a new breed of
In late August, Thai police issued an international warrant for a Russian man suspected of illegally withdrawing cash from as many as 13 ATMs in July along the route from Phuket to Chumphon, Prachuap Khiri Khan, Phetchaburi and Bangkok.
According to Police General Panya Mamen, the chief investigator, Rustam Shambasov, 29, who took a flight back to Moscow on August 1, managed to steal as much as Bt3 million between July 15 and 30.
Shambasov’s identity was confirmed by a photocopy of his passport used to rent a Toyota Fortuner vehicle before starting a series of ATM “hacks”, along with seven other Eastern European suspects, police told local media.
Victor Ivanovsky, who is responsible for global business development of the group-IB cyber-security company, told RBTH that the pattern used by the cyber criminals was revealed two years ago, when a group called Anunal targeted ATMs produced by Wincor Nixdorf.
According to Ivanovsky, the first heists were designed and carried out by Russian-speaking cyber criminals, who were then followed by two other cyber groups involving Russian-speaking hackers, Corkow and Buhtrap.
Ivanovsky says the criminals in Thailand knew the bank’s infrastructure well and understood how the ATM software worked. “It’s not accurate to just talk about malware, because the criminals used both technical tools and methods of social engineering to break in,” Ivanovsky said.
One of the potential risks that banks now face is that cyber criminals, having already compromised the system, may have left “bugs” in it, and could use their access to internal processes in the future.
Ivanovsky believes there have been cases when cyber criminals used banks’ access to trading platforms to shift the national currency rate by up to 15 per cent.
He said there are no totally safe systems and all countries are under risk. In July, Reuters reported about a similar operation in Taiwan. In another case, three Russians were arrested in Vietnam.
In order to protect their money, Thai banks should be more serious about developing cyber-intelligence to understand the specific risks they face from criminals, Ivanovsky said.
He believed banks should be prepared for much smarter cyber criminals. Among other things, he said, criminals would soon learn how to use knowledge about future currency rates to steal money.