A shadowy Russian teenager has emerged as the new threat to Indian banks
'Tyupkin' is a virus that can force ATM machines into maintenance mode and spew out cash
A year ago, cyberattacks had rattled banks in Europe and parts of Asia and Latin America
A shadowy Russian teenager has emerged as the new threat to Indian banks. He's said to hack ATMs using 'Tyupkin' -- a virus that has the sinister power to force cash machines into maintenance mode and spew out currency notes.
About a month ago, NCR Corp, the world's largest maker of ATMs, alerted banks about the malware. The 19-year old Russian's tentacles are suspected to have reached deep into India after some people were discovered trying to rob ATMs in Surat by infecting the cash machines. The Gujarat police arrested them and the case is under investigation.
The modus operandi involves plugging in a USB drive or rebooting the ATM after taking off the side or back panel of an ATM. Once infected, a few simple keystrokes cause the cash to flow out.
A year ago, cyberattacks had rattled banks in Europe and parts of Asia and Latin America. A Russian gang, known as Anunak in the world of cybercrime, that was responsible for the attacks is said to have turned its attention on India, having spotted a vulnerability as many of its ATMs are old and use outdated software.
How serious is the threat?
"ATMs of all types, irrespective of their make, are vulnerable to malware attacks," NCR India managing director Navroze Dastur told ET. "We have advised all banks certain precautionary measures like password protection, upgrading software and whitelisting the ATM software."
"NCR recommends device control for anything connectable to ATMs, using firewalls and providing the possibility to update software securely and without risks," he said.
Whitelisting is a process that ensures only authorized programs and pre-approved applications can run on an ATM.
"So, when a new software used by a hacker attempts to barge in, the machine will not accept the same. Some of the banks have implemented it," said Dastur.
Until now, card skimming stealing customer data to withdraw cash or carry out online transactions had been the prime security headache for the country's banking industry. That led the Reserve Bank of India to direct banks to issue chip-based and PIN-enabled debit and credit cards.