Thailand bank's £265,000 cash machine heist a 'carbon copy' of $2.2m Taiwan ATM attacks

Are ATM fraudsters exploiting known flaws in cash machines to infect them with malware and drain them of money?

The Government Savings Bank of Thailand has been hit by a 12 million baht (£265,000) ATM fraud in an attack that is believed to have been carried out by the same people behind the theft of $2.2m from ATMs in Taiwan last month.

The attack, according to local reports, occurred at the end of July and involved infecting at least 21 ATMs with malware that disconnected them from the bank's network.

Alarms that ought to have triggered a fast response from the bank's IT security team were ignored following a series of false alarms set off in advance of the attack - believed to have been triggered by the attackers to lull the bank's staff into a false sense of security.

The attackers were then able to insert their own cards into the machines and drain them of cash. Reports aren't clear about how they were able to compromise either the machines or the bank's network.

No customer accounts were compromised. The bank shut down some 3,000 cash machines out of 7,000 in its network in response when the attacks came to light.

"The evidence we have found makes us confident that this group is linked to the gang who committed a similar robbery in Taiwan," police general Panya Mamen told Thai newspapers. He added that the suspects were believed to be East European.

The Government Savings Bank of Thailand cash machines are supplied by NCR. The National Bank of Thailand warned that around 10,000 cash machines in Thailand remain vulnerable to malware attacks, implying that banks have been slow to update machines to patch for known vulnerabilities.

In the attack on Taiwanese cash machines at the beginning of July, Wincor Nixdorf cash machines were exclusively targeted, although the company was keen to assert that it is not only Wincor Nixdorf machines that have been targeted in such attacks.

"Our industry has knowledge of attacks that have been carried out in a similar manner on ATMs of various origins - of which both banks and manufacturers are aware," Wincor Nixdorf spokesman Ulrich Nolte told Computing.

In the Taiwan bank heist last month, the attackers got away with $2.2m in local currency in one weekend. The attackers are believed to have flown in on a Friday, spent the next two days attacking 34 ATMs in 20 branches in Taipei, New Taipei and Taichung before flying out.

Subsequent reports indicated that three men - a Latvian, a Romanian and a Moldovan - were arrested in connection with the attacks, while the ringleaders who escaped are believed to be Russian.