Man arrested in Portsmouth on suspicion of cyber attacks on UK ATMs using Tyupkin malware

Eastern European gang suspected of using Tyupkin to drain £1.6m from cash machines

A man has been arrested in Portsmouth on suspicion of masterminding a £1.6m "cyber attack" on cash machines across the country.

The group, allegedly part of an organised gang from Eastern Europe, targeted cash machines in Brighton, London and Liverpool by injecting a virus into them. The gang accessed the machines by drilling holes in exactly the right place to insert a USB stick containing the malware, dubbed Tyupkin.

"An extensive, intelligence-led investigation has uncovered what we believe is an organised crime gang systematically infecting and then clearing cash machines across the UK using specially created malware," Detective Inspector Dave Strange told the Daily Mail.

He continued: "Cyber-enabled crime presents a major threat to our public and private sectors and to an increasing number of citizens. The only way to tackle this is by law enforcement and counter fraud agencies working in alliance, which is exactly what the London Regional Fraud Team and National Crime Agency (NCA) have done over several months culminating in today's arrest."

After the machines had been infected, the attackers were able to simply withdraw an unlimited amount of money from them at a time specified in the malware code.

Kaspersky, the Russian security software company, first identified the malware that the gang used.

It had been thought that attacks using the Tyupkin malware, which only works on certain ageing cash machines running Windows, had been largely restricted to Eastern Europe.

"Over the past few years, we have observed a major upswing in ATM [automated teller machine] attacks using skimming devices and malicious software.

"Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs themselves or launching direct APT-style attacks against banks. The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure," said Vicente Diaz, principal security researcher at Kaspersky Lab's Global Research and Analysis Team.