Russian ATM-popping gang used nation state cybercrook tactics

Cybercrooks are increasingly adopting tactics from more advanced hackers in order to steal millions of dollars from banks and other financial institutions. The first of the two cybercrime groups, dubbed Metel, is mostly active in Russia. The group's typical modus operandi involves gaining control over machines inside a bank …

  1. 2460 Something

    Damn, that's some impressive and crazy stuff.

    With all the modelling software that is used for their automated detection, you would have thought that it would also pick up on additional things like this. Surely they have a pattern of transactions over any period of time and could trigger an alarm when it doesn't match that pattern.

    Of course, if they have already compromised the internal systems, which use the same credentials as the monitoring servers, then they may, over time, change the triggers anyway, which puts you back to square one in fighting them. Training the staff not to fall for phishing attacks is obviously a lot harder in reality than it sounds. Most of the people we follow up with after their accounts have been compromised deny ever following the links we have them tagged in the firewall for.

    Another method is good (and consistent) segregation of systems. Once again, data flow analysis between each system on fibre taps, with completely stand-alone systems doing the monitoring, helps to increase the likelihood of keeping at least the monitoring solution secure, and so increases the ability to detect fraudulent non-analogous transactions. Yes, it is expensive; yes, it is not necessary for most companies (we only tap our external lines), but then again, they are a bloody bank!

    1. Anonymous Coward

      This actually shows up the poor state of bank security and the superficial efforts they seem to take towards security. I'd hope it is different in the West, but this story indicates a lack of segregation between networks containing external web servers and internal machines, and a lack of further segregation into separate, uncrossable VLANs for ATMs and support machines. It all seems much akin to power companies that have their SCADA on the internet "for convenience".
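What the "pattern of transactions" alarm suggested in the first comment might look like in practice, as an added example that is not part of the article or of any comment. The record layout (timestamp, card, ATM id, amount), the window sizes, the sigma threshold and the floors are all assumptions chosen for the illustration; the sample transactions are constructed, not real data. The baseline is each card's daily withdrawal count and daily total over a history window, and a day is alarmed when it exceeds mean + sigma * stdev on either measure, with an absolute floor so that a very regular card (stdev 0) does not alarm on a single extra withdrawal.

```python
"""Per-card transaction-pattern alarm (added example; not from the article or comments).

Assumed record shape: timestamp, card id, ATM id, amount (all constructed below).
A card with no history at all is compared against a zero baseline, so the
absolute floors decide whether an unknown card alarms.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Txn:
    ts: datetime
    card: str
    atm: str
    amount: float


def daily_totals(txns):
    """(card, day) -> [count, amount] for every transaction seen."""
    out = defaultdict(lambda: [0, 0.0])
    for t in txns:
        key = (t.card, t.ts.date())
        out[key][0] += 1
        out[key][1] += t.amount
    return out


def per_card_baseline(history, days):
    """Per card: (mean count, stdev count, mean amount, stdev amount) over `days`.
    Days with no activity count as zero, so a quiet card gets a low baseline."""
    totals = daily_totals(history)
    base = {}
    for card in {card for card, _ in totals}:
        counts = [totals.get((card, d), [0, 0.0])[0] for d in days]
        amounts = [totals.get((card, d), [0, 0.0])[1] for d in days]
        base[card] = (mean(counts), pstdev(counts), mean(amounts), pstdev(amounts))
    return base


def detect(history, days, today_txns, sigma=3.0, min_count=4, min_amount=1000.0):
    """Return (card, count, amount, count_limit, amount_limit) for each card
    whose activity in `today_txns` falls outside its baseline pattern."""
    base = per_card_baseline(history, days)
    alarms = []
    for (card, _day), (count, amount) in daily_totals(today_txns).items():
        mc, sc, ma, sa = base.get(card, (0.0, 0.0, 0.0, 0.0))
        # floors: a regular card (stdev 0) must still jump by a real margin
        count_limit = max(mc + sigma * sc, float(min_count))
        amount_limit = max(ma + sigma * sa, min_amount)
        if count > count_limit or amount > amount_limit:
            alarms.append((card, count, round(amount, 2),
                           round(count_limit, 2), round(amount_limit, 2)))
    return sorted(alarms)


def constructed_data():
    """Constructed sample: 30 days of normal use for two cards, then a day on
    which card C2 is cashed out across six ATMs while C1 behaves as usual."""
    days = [date(2016, 1, 1) + timedelta(days=i) for i in range(30)]
    history = []
    for i, d in enumerate(days):
        # C1: one 100.00 withdrawal every day at the same ATM
        history.append(Txn(datetime(d.year, d.month, d.day, 9), "C1", "ATM-01", 100.0))
        if i % 3 == 0:  # C2: 200.00 every third day
            history.append(Txn(datetime(d.year, d.month, d.day, 18), "C2", "ATM-02", 200.0))
    today = [Txn(datetime(2016, 1, 31, 9), "C1", "ATM-01", 100.0)]
    for k in range(6):  # six 500.00 withdrawals in half an hour, all different ATMs
        today.append(Txn(datetime(2016, 1, 31, 2, 5 * k), "C2", f"ATM-{10 + k:02d}", 500.0))
    return history, days, today


if __name__ == "__main__":
    history, days, today = constructed_data()
    for card, count, amount, climit, alimit in detect(history, days, today):
        print(f"ALARM {card}: {count} withdrawals / {amount:.2f} today "
              f"(limits {climit} / {alimit})")
```

On the constructed data only C2 alarms (six withdrawals and 3000.00 against limits of 4 and 1000.00), while C1's single daily withdrawal stays inside its pattern. The point the comment makes still applies: if the attacker can reach the system that holds the baseline or the thresholds, they can widen them, which is why the commenter wants the monitoring fed from taps and running on stand-alone hosts.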

  2. Dan Wilkie

    Sorry, "legitimate pen testing tools like Putty and VNC"? (I'll let you have meterpreter.)

    Are Remote Desktop Client and telnet pen testing tools as well now then?

    You're the Reg, not Fox News.

    PuTTY - Telnet/SSH/serial etc., used by practically everyone

    VNC - used by many people in lieu of RDC, especially helpdesks, because you can shadow a user's screen rather than disconnecting them like with RDC. And of course you can use it to connect to non-Windows systems too.

    1. Bc1609

      Maybe that's what they meant by 'legitimate pen testing tools': tools that have legitimate uses other than pen testing? I agree it was a bit of an oddly-phrased sentence.

  3. Anonymous Coward

    Money out of thin air?

    Sounds a lot like my government, only more honest and competent.
