atm malware | Breaking Cybersecurity News | The Hacker News

Hacking ATM is now easier than ever before. Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy a malware to steal millions in cash from ATMs. Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for around $5000, researchers at Kaspersky Lab discovered after spotting a forum post advertising the malware, dubbed Cutlet Maker . The forum post provides a brief description and a detailed manual for the malware toolkit designed to target various ATMs models with the help of a vendor API, without interacting with ATM users and their data. Therefore, this malware does not affect bank customers directly; instead, it is intended to trick the bank ATMs from a specific vendor to release cash without authorisation. The manual also mentions an infamous piece of ATM malware, dubbed Tyupkin , which was first analysed in 2014 by Kaspersky Lab and used

Law enforcement authorities from Europe and Russia have arrested five members of an international cyber criminal gang for stealing $3.2 million cash from ATMs using malware. Three of the suspects, Andrejs Peregudovs (41), of Latvia, Niklae Penkov (34) of Moldova, and Mihail Colibaba (30) of Romania, were arrested in Taiwan by the Taiwanese Criminal Investigation Bureau last summer, have already been sentenced to 5 years in prison for their role in a massive ATM heist operation, involving 22 individuals from 6 countries. The European-based cyber criminal gang used a variety of different hacking techniques to infect ATMs with malware and force them to dispense cash. According to Europol that began its investigation in early 2016, the gang used spear-phishing emails containing malicious attachments to target bank employees and penetrate the bank's internal networks. From there, the cyber crooks then located and hacked into the network of ATMs from the inside, and used a m

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or