The Taiwan ATM hack is considered one of the first major cyberheists of its kind that involved hackers using a malware to steal millions from ATMs. Authorities believe that a total of 22 suspects were involved in the ATM hack, three of whom have now been jailed in Taiwan, according to reports.
The three Eastern European men - Latvian Andrejs Peregudovs, Mihail Colibaba from Romania and Niklae Penkov from Moldova - have been convicted by the Taipei District Court over fraud and cyber crimes charges, Taiwan News reported.
The three are believed to be a part of an international organised crime syndicate, spanning six countries that reportedly hacked into 41 ATMs belonging to Taiwan's First Commercial Bank in July 2016 and made away with $2.6m (£2m). The heists saw the bank shut down over 1,000 cash machines.
Prosecutors sought 12-year jail terms, saying the actions "seriously disrupted financial order and caused public panic", the BBC reported. However, the three men were sentenced to five years in prison and fined $19,000 (£15,147). The case can be appealed. Prior to the court's decision, the three suspects said that if convicted, they would appeal.
Authorities in Thailand believe that the case may be linked to a similar cyberheist that occurred in early August. Cybersecurity experts believe that the cybercrime gang used the Ripper malware to carry out the thefts.
As many as 19 suspects believed to be involved in the ATM cyberheist are still at large.
Alex Mathews, lead security evangelist at Positive Technologies, told IBTimes UK:"Flaws in the underlying software used on many ATMs worldwide are increasingly becoming an open to door attackers. Many ATMs still work on outdated operating systems such as Windows XP, which is not even updated anymore and is becoming ever more full of security holes.
"Such attacks rely on having physical access to the ATM, using anything which can upload a small amount of code," he added. "To thwart modern bank robbers, the first step is to look at the human element and increase employees' awareness levels to spot and stop phishing attacks. In tandem, existing vulnerabilities should be identified and systems patched to close the holes that hackers look to exploit."