KUALA LUMPUR: Banks should never think that they are safe from hacking because criminals are always finding ways to beat the system, says a cyber security expert.
When told of the latest ATM hacking, Cybersecurity Malaysia (CSM) Responsive Services vice-president Dr Aswami Fadillah Mohd Ariffin said: “They have upgraded!”
He said the suspects must have a programmed credit card, which they used in their hackings, enabling them to override the operating system of the bank’s ATMs and issue commands to release money.
“Maybe the ATM’s operating system is outdated,” said Dr Aswami.
“If they were using Windows XP, that would make the system susceptible to hackings.
“A chip is like a mini version of a computer with its own operating system.
“It can be programmed to exploit the weaknesses in the outdated system and make it issue commands to withdraw certain amounts of money.”
After last year’s ATM hackings, the nation’s cyber security agency said it had issued advisories to banks on the need to upgrade their operating systems and pointed out the risks faced.
“But we don’t know if they actually took our advice. We are just like parents, you know.
“We can advise the children but it’s really up to them.
“But cyber criminals are always upgrading their technique. They are always finding a new way. So, agencies also need to keep up,” Dr Aswami said.
He suggested that financial institutions meet with Bank Negara Malaysia experts and come up with a solution on the latest technology they needed to adopt to prevent further hackings.
Dr Aswami said CSM was ready to help the central bank and the police in the digital forensic investigations into the latest hacking.
Malaysia is not alone in this digital crime spree. Since 2013, over a hundred banks in 30 countries have been affected and hackers have stolen nearly US$1bil (RM4.31bil).
In a report published by Kaspersky Lab last year, the software security company said hackers had been using methods like those reported in Malaysia to take advantage of the weak infrastructure of ATMs worldwide and infect them with viruses.
In February, Kaspersky published another report on a gang called “Carbanak”, which infiltrated banking institutions by sending e-mails laced with malware to employees.
Employees who opened the e-mails allowed the hackers to gain control of the bank systems and open accounts to move money out of the banks.
“It’s like an arms race. Security companies develop better protection and criminals develop better malware to bypass it,” Interpol’s Digital Crime Centre director Sanjay Virmani was quoted as saying.
He said no sector could consider itself immune to attacks and should constantly address security procedures.
Interpol and Kaspersky issued a collective list of suggestions to banks to foil cyber attacks.
These included reviewing the physical security of their ATMs, replacing locks and master keys on their top panels or ditching the default ones provided by the manufacturer.
They also suggested changing the machines’ default passwords and installing alarms on them as cyber criminals only targeted ATMs without alarms.
Banks were also urged to ensure that their machines had up-to-date anti-virus protection.
View the original content and more from this author here: http://ift.tt/1KNdFEJ