The top eight banks in Taiwan have been forced to shut down activity on hundreds of ATMs after a coordinated group of thieves used malware to steal NT$70 million ($2.17m, £1.64m, €1.9m) in cash.
Bank of Taiwan, Chang Hwa Bank, First Bank and five other institutions have reportedly suspended transactions on 900 cash machines following a major theft by three suspects on 9-10 July across 20 branches of the First Commercial Bank in Taipei and Taichung.
Police in the region, which is now investigating the heist, said at least one Russian national is believed to have fled the country on 11 July. The identities of the remaining suspects remain unknown at the time of writing.
First Bank vice president Yeh Chung-huei said the money was stolen from 34 ATMs in total and that malware was likely involved, reported the Strait Times. The machines involved, expected to resume operations on 13 July, were reportedly made by German banking manufacturer Wincor Nixdorf.
According to Taiwan's Central News Agency, CCTV footage from the banks showed unidentified men in masks putting large amounts of money from the ATMs into backpacks before making their getaway.
Law enforcement said that a bank insider may have been involved in the installation of the malware to help dispense bills automatically, however the probe remains ongoing.
According to Taiwan's financial regulator, the First Commercial Bank now has to 'bear full responsibility' for the theft. Additionally, Kuei Hsien-nung, vice chairman of the Financial Supervisory Commission (FSC) has reportedly asked the banking officials to explain the situation to the public.
As reported by the Focus Taiwan News Channel, First Bank is now required to conduct a full security audit to ensure its systems are rid of any malware or vulnerabilities.
'Skimer' could give criminals full control over cash machines
In May earlier this year, Russian cybersecurity firm Kaspersky Lab revealed that a long-used ATM malware programme called 'Skimer' had resurfaced in an evolved form and could be used to give cybercriminals "full control" over infected cash machines.
"Instead of installing skimmer devices (a fraudulent lookalike card reader over the legitimate reader) to siphon card data, they turn the whole ATM into a skimmer," Kaspersky researchers explained.
"With the ATM successfully infected with Backdoor.Win32.Skimer, criminals can withdraw all the funds in the ATM or grab the data from cards used at the ATM including the customer's bank account number and PIN code.
"A scary thing is that there is no way for common people to distinguish infected ATMs. They don't have any physical signs of being malicious, unlike in cases with a skimmer device when an advanced user can discover if it's replacing a real card reader of a machine."