ATMs running Windows XP targeted with cash-dispensing malware
Posted on 25.03.2014
Microsoft has been aggressively campaigning to get users to stop using Windows XP, and has gone so far as to offer $100 off the purchase of a new PC via the Microsoft Store in order to sweeten the switch to a newer OS (preferably Windows 8).

But there is a massive number of devices that won't be so easily upgraded, as 95 percent of ATMs are running on the soon-to-be outdated and unsupported Windows XP.

Infection with a variant of the Ploutus ATM malware will likely be the most imminent danger for ATMs. First spotted being used in Mexico last year, the malware became modular, and new variants using the English language indicate that the next targets are ATMs in English-speaking countries, likely the US.

While Ploutus initially required attackers to use an external keyboard to order the ATM to spew out money, with the newer variants in play they need to send an SMS to the compromised ATM, then simply go and collect the dispensed cash.

In order to send the SMS, they first need to connect their mobile phone to the ATM, and that can be done in a number of ways.

"A common method is to use a setup called USB tethering, which is effectively a shared Internet connection between a phone and a computer (or in this case, an ATM)," Symantec researchers explain.

"The attackers need to set the phone up correctly, connect it to the ATM and infect the ATM with Ploutus. Once all of these steps are complete, a full two-way connectivity is established and the phone is ready to be used."

Two messages are sent to the ATM. The first instructs the ATM to start running Ploutus, which has been previously installed on it. The second one tells the ATM to dispense the money.

Symantec researchers have also recorded a helpful video that shows each of these steps (and if you've never seen what an ATM looks like on the inside, this is your chance).


They also offered advice on what to do to protect these vulnerable ATMs from attackers.

Apart from upgrading to a newer OS, setting the BIOS to prevent the booting of unauthorized media is also a great idea. Banks could also try to make it more difficult for attackers to access the ATMs' computer, and could install CCTV cameras and train them on the ATMs in order to spot suspicious behavior or be able to identify attackers after a successful theft.

Finally, they could start using full disk encryption, and perhaps even a software system lockdown solution.








