A cartel of hard-to-detect Russian-language hackers is now on the prowl, stealing hard currency from banks' Automated Teller Machines (ATMs) and, mainly, interbank transfer systems.
A report released by Group-IB said that over the last 18 months the key targets had been banks and financial institutions in the US and Russia.
Group-IB also said that the hackers' activity is rising and may expand to banks in Latin America and even Africa from next year.
The first attack occurred in the spring of 2016 against banks in First Data’s (FDC.N) “STAR” network, the largest U.S. bank messaging system connecting ATMs at more than 5,000 organisations, Group-IB researchers said in a 36-page report.
In a release, First Data said a number of small financial institutions operating on the STAR network had had their credentials for administering debit cards breached earlier in 2016, leading it to implement new mandatory security controls.
The firm said the STAR network was never itself breached.
It said it was investigating some incidents where hackers studied how to make money transfers through the SWIFT banking system, while stopping short of saying whether any such attacks had been carried out successfully.
SWIFT said in October that hackers were still targeting its interbank messaging system, but security controls instituted after last year's 81-million-dollar heist at Bangladesh's Central Bank had thwarted many of those attempts.
Group-IB has dubbed the hacker group “MoneyTaker” after the name of the software it used to hijack payment orders to then cash out funds through a network of low-level “money mules.”
The Moscow-based security firm said the hacker group hired “money mules” to pick up money.
The average amount of money stolen in each of the 14 U.S. ATM heists was 500,000 dollars per incident. Losses in Russia averaged 1.2 million dollars per incident.