European police have arrested eight cyber criminals who raided automatic teller machines (ATMs) across the continent using Tyupkin malware.
The malware enabled the gang of Romanian and Moldovan nationals to manipulate ATMs and empty cash cassettes.
According to Europol, this is one of the first law enforcement operations against this form of cyber crime, known as ATM “jackpotting”.
An investigation by security firm Kaspersky Lab in 2014 found that the Tyupkin ATM malware was found mainly in Eastern Europe, but was also in use in the US, India and China.
The arrests and house searches in Romania and Moldova were conducted by the Romanian National Police and Romania’s Directorate for Investigating Organised Crimes and Terrorism (DIICOT) in collaboration with Europol, Eurojust and several European law enforcement authorities.
Europol did not specify how much money the gang was able to plunder, but said it had caused “substantial losses” across Europe.
Europol’s European Cybercrime Centre (EC3) supported police forces across Europe in their efforts to identify the suspects by hosting a number of international operational meetings and analysing intelligence.
Europol said the joint international effort followed previous successful action against the threat posed by this type of malware.
Wil van Gemert, Europol’s deputy director operations, said there had been a major increase in ATM attacks using malicious software in the past few years.
“The sophisticated cyber crime aspect of these cases illustrates how offenders are constantly identifying new ways to evolve their methodologies to commit crimes,” he said.
“To match these new technologically savvy criminals, it is essential, as was done in this case, that law enforcement agencies co-operate with their counterparts via Europol to share information and collaborate on transnational investigations.”
EC3, which recognises the severity of the threat presented by ATM logical and malware attacks, has published security guidelines concerning this new cyber threat to ATMs.
The guidelines were produced in collaboration with the European ATM Security Team (East).
Europol said the guidelines are an example of a co-ordinated central response from law enforcement organisations and the industry to fight ATM malware threats by responding much more quickly and effectively. However, circulation of the document is restricted to law enforcement and to the banking and payments industry.