Hackers Cash In On ATMs

  /     /     /  
Publicated : 22/11/2024   Category : security

Hackers Cash In On ATMs


Malware uses text messages and other techniques to infect ATMs and ultimately allow criminals to steal cash.


A text message is sent, and cash starts spitting out of an ATM infected with malware.
That is one of the capabilities of a sophisticated variant of malware known as Ploutus that has been linked to attacks in Mexico and the Ukraine. In the process, it has become another example of how hackers
are turning their attention to ATM machines
as another avenue to a banks coffers.
Ive heard some people saying, Well, you know you need physical access to the machine and that makes it more difficult, says Symantec researcher Liam O Murchu. And that is true, but the reason we are reporting on this is because this is something weve seen being used… So even though it may seem like, Well, you need physical access to the machine so its not really going to happen, it is happening, and were seeing people arrested in Mexico, and were seeing it being used elsewhere.
Symantecs recent report
on the capabilities of the Ploutus malware served to underscore the issue, but also drew some critics who highlighted the difficulties of getting away with opening up a machine and inserting a mobile phone, USB stick, or anything else. Yet that is precisely what researchers at the Chaos Communications Conference in December
said they uncovered in the wild
: attackers uploading malware onto ATMs by vandalizing machines and inserting USB sticks. They then covered up the hole so they could remain undetected.
When I hear about a successful malware attack on any ATM, I am not particularly interested in the features which the malware implements, such as its user interface, what data it captures, how it manages the casher mules, and so on, says Henry Schwarz, software projects director at ATM manufacturer Triton. The central issue is how the malware made its way onto the ATM in the first place -- that is the attack vector which must be addressed. Once malware is running on an ATM, the damage is done.
According to Schwarz, Triton takes various precautions to prevent malware infections. For example, Tritons ATMs now verify software has been digitally signed by Triton using its private key. If the digital signature is incorrect, the ATM does not accept the software.
The most common vulnerabilities are those that arise almost directly from making maintaining ATMs easy for technicians in the field, explains Mike Park, managing consultant at Trustwave. These include easy-to-pick locks, the ability to bypass locks, ATM operating systems running as administrator without a password, and USB ports both enabled and in the boot order before the hard drive. Many lack hard drive encryption or any form of endpoint security. Anti-virus, for instance, can bog a machine down such that transactions take far too long to complete.
By far our most successful and easiest attacks are to gain access to the ATM network and manipulate ATM requests and responses, allowing us to gain access to the cash in the ATM without having to actually touch the machine, except to initiate a legitimate transaction.
Some of the companys most successful attacks during penetration tests do not require physical access to the device and are agnostic to the operating system, Park tells us. Network-based attacks have proven repeatedly to be both easy to exploit and lucrative, and at times testers have been able to hide the fact that the ATM was compromised from a central management application.
Based on the companys penetration tests, ATM manufacturers and banks should take measures such as adding a BIOS password, encrypting the hard drive, and installing host intrusion detection systems, Park says. In addition, armoring application binaries against reverse engineering and using endpoint security solutions can help as well.
The biggest issue however is that implementing many of these security measures make ATM technical maintenance much more difficult, time consuming, and expensive, says Park. Technicians will need a large ring of keys -- will need to know BIOS password and admin passwords when doing routine or emergency maintenance.
Telling ATM owners to pay more attention to physical device security in the form of cameras and other methods as opposed to upgrading devices is a losing proposition, opines Craig Young, security researcher at Tripwire.
ATMs are networked devices which can potentially be attacked without direct physical access to the system, he says. Migrating from [Windows] XP embedded is really the ideal solution as newer operating systems will not only benefit from ongoing security updates but also from security enhancements integrated into newer operating systems.
Support for the Windows XP embedded products varies depending on the version of the product, according to a timeline 
set out by Microsoft
.
From a technical standpoint, organizations not in a position to upgrade ATMs from Windows XP do have some options for system hardening, notes Young. As a starting point, USB ports should be locked down as much as possible. This could be a physical solution such as an additional locking mechanism over the USB port or a technical solution such as disabling USB ports within software.
Attacks against ATMs are on everyones radar, says Troy Leach, chief technology officer at PCI Security Standards Council. 
According to findings from the ATM Industry Association’s 2012 ATM Global fraud survey, skimming remains the top global threat to ATMs, with different kinds of brute force attacks continuing unabated, he tells Dark Reading. PIN and account data present in  ATMs has become a growing target for criminals who use this stolen information to produce counterfeit cards for fraudulent transactions, primarily ATM cash withdrawals.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Hackers Cash In On ATMs