Thai banks need to be more serious about cyber intelligence– Russian expert

Thai ATMs are increasingly vulnerable to cybercriminals.

Thai ATMs are increasingly vulnerable to cybercriminals.

Alamy/Legion-Media
The pattern that was used by the suspected Russian-speaking cybercriminals to withdraw money from ATMs in different locations in Thailand was revealed 2 years ago. A Russian expert talks to RBTH about the security measures that banks need to undertake to prevent theft.

In late August, Thai police issued an international warrant for a Russian national suspected in illegally withdrawing cash from as many as 13 ATMs in July along the route from Phuket to Chumphon, Prachuap Khiri Khan, Phetchaburi and Bangkok.

According to Pol Gen Panya Mamen, the chief investigator, Rustam Shambasov, 29, who took a flight back to Moscow on Aug. 1, managed to steal as much as 3 million baht ($87,000) on Jul. 15-30. The Nation reported that Shambasov's identity was confirmed by a photocopy of his passport used to rent a Toyota Fortuner vehicle before starting a series of ATM ‘hacks,’ along with seven other Eastern European suspects.

Victor Ivanovsky, who is responsible for Global Business Development of the Group-IB cyber security company, told RBTH that the pattern used by the cybercriminals was revealed 2 years ago, when a group called Anunal targeted ATMs produced by Wincor Nixdorf.

According to Ivanovsky, the first heists were both designed and carried out by Russian-speaking cybercriminals, who were then followed by two other cyber groups involving Russian-speaking hackers, Corkow and Buhtrap.

Course of action

Ivanovsky says the criminals in Thailand knew the bank's infrastructure well and understood how the ATM software worked. “It's not accurate to just talk about malware, because the criminals used both technical tools and methods of social engineering to break in,” Ivanovsky adds.

One of the potential risks that banks now face is that cybercriminals, having already compromised the system, may have left their 'bugs' in it, and could use their access to internal processes in the future. 

Ivanovsky believes that there were cases when cybercriminals used banks' access to trading platforms to shift the national currency rate by up to 15 percent.

According to Ivanovsky, there are no totally safe systems and all countries are under risk. In July, Reuters reported about a similar operation in Taiwan.  In another case, 3 Russians were arrested in Vietnam.

In order to protect their money, Thai banks should be more serious about developing cyber intelligence to understand the specific risks they face from criminals, Ivanovsky says. 

Ivanosky believes that banks should be prepared for much smarter cyber criminals. Among other things, he says, criminals will soon learn how to use knowledge about future currency rates to steal money.

Read more: Southeast Asian nations spice up Moscow’s cultural calendar

Subscribe to RBTH's Asia-related content

* indicates required

All rights reserved by Rossiyskaya Gazeta.

More exciting stories and videos on Russia Beyond's Facebook page