Financial institutions have always been one of the primary targets for hackers.
Cyber criminals and hackers routinely launch massive, organized attacks on financial institutions in an attempt to steal data and money.
Most financial institutions, no matter how sophisticated their security network is, are vulnerable to such attacks on a global level.
Thailand recently became the latest victim of a massive hack attack by a group of cyber criminals.
In what is considered the biggest and most brazen hack in recent times, over 12 million baht ($350,000) was stolen from a bank’s ATM network by hackers.
The hack attack targeted the state-owned Government Savings Bank (GSB), one of the largest banks in Thailand.
Apparently, the hackers inserted malware programs into the bank’s ATMs to withdraw massive amounts of cash. They withdrew 40,000 baht at a time, over a period of eight days – August 1 to August 8.
The bank uses three types of ATMs, and the hackers chose to target one particular brand – NCR.
They withdrew money from 21 ATMs in various provinces like Bangkok, Phuket, Surat Thani, Phetchaburi, Prachuap Khiri Khan, and Chumphon. Soon, many of the NCR ATMs were having problems with missing money, which prompted the bank to look into the matter seriously.
Initial investigation revealed that over 960,000 baht had been withdrawn illegally from five of the teller machines during the time period.
Further investigation showed that 21 ATMs had been on the receiving end of a nasty malware hack, and the total sum of money stolen exceeded 12 million baht.
GSB has shut down 3,300 of its NCR teller machines as a result. It has sent the malware ridden hard drives to the company that manufactured the ATMs so that they can identify the nature of the malware and protect against similar hack attacks in the future.
The bank has also stated that it plans to demand compensation from the ATM manufacturer.
What makes this case stand out from the rest of the hack attacks on financial institutions in recent times is the fact that the malware used for the attack was so sophisticated that the bank did not detect it for some time.
The crooks used rigged chip cards to make the ATMs dispense 40s instead of the 20s they normally dispense.
The police say that the criminals first targeted an ATM in the Phangnga province a few months back, after which they planned and executed a series of highly organized, coordinated attacks on ATMs across the country.
In the initial hack attack, the suspect inserted a malware program into the ATM using an electronic device and a keyboard.
What is interesting is that such a hack attack should have set off an alarm and raised several red flags; however, hackers triggered a number of false alarms leading up to the attack in order to throw off the bank staff and authorities. It goes to show that the attack was meticulously planned and perfectly executed.
While the news of the hack attack sent the bank’s customers into a panic, GSB President assured that the money was not stolen from the customers’ accounts and that their money was still safe.
Based on the security camera footage, the police say that a gang of Eastern European criminals could be behind the hack attack.
They suspect that at least 25 people might be involved in the heist, and that the same people could be behind the Taiwan hack attack which resulted in over NT$70 million ($2.17 million) being stolen from the ATMs owned by prominent banks in the country.
The manhunt to catch the culprits behind these hack attacks is on, and the authorities are confident of catching the criminals before they make another such attempt.
What the Thailand hack attack shows is that hacking is not confined to a particular geographic location. It is a global menace that needs to be tackled by countries across the globe.
Banks and other financial institutions always need to be on guard against such attacks and should update their cyber security infrastructure regularly to lower the risk of such hack attacks. In other words, hackers are evolving, so it is time for others to evolve, too.