Checkmarx Named a Leader in Gartner Magic Quadrant for Application Security Testing

ATMs Raided With Ploutus as Windows XP Zero Day Approaches

Windows XP will be officially discontinued on 8 April, but the legend platform is far from becoming extinct. 95% of the world’s ATMs are still powered by the 12-year old operating system, opening the door for Ploutus attacks. More and more hackers are using SMS messages to steal money.

As informed in our previous Windows XP Update, there are worrying amounts of businesses and workplaces still using the expiring platform. Surprisingly, such outdated systems and networks are not exclusive to poor countries.

The biggest problems are expected in the banking industry, with thousands of ATMs still using Windows XP. Upgrading the systems to newer software is going to be a long and costly process. Cybercriminals are already exploiting this issue.

Superpowers like JPMorgan have already paid Microsoft for extended customer service, but most Windows XP running bodies don’t have the financial muscle to afford such lavish arrangements. Their ATMs will soon be running on unpatched software that cannot deal with the ever-evolving malware such as the latest Ploutus Trojan.

The new-gen Ploutus malware is a very capable and potent ATM hacking weapon.

ATMs are contaminated by connecting mobile phones to the internals of the ATM, USB tethering being the most common way to get it done. The first text message activates the Backdoor.Ploutus.B (a new generation Ploutus variant) malware loaded on the phone, enabling the hacker to remotely communicate with the machines.

The hacker then starts sending numerical command messages to the phone, which Ploutus converts into network packets and injects into the contaminated machine. The malware also has a built in sniffer (NPM) to monitor all traffic inside the ATM, enabling the detection of numbers to construct legal commands for quick cash withdrawal.

To make matters worse, the phone connected illegally to the ATM never loses charge as it is constantly powered by the USB cable. Unlike earlier versions of the malware, the latest version is quick and doesn’t require the money fetcher to hang around the ATM for long periods. These robberies can go on for weeks or months without being detected.

CISOs and Banking Security executives need to take the following steps immediately:

  • Upgrade the ATMs and systems to supported Windows 7/8 or Linux.
  • Allocate more resources to physical security/surveillance around the machines.
  • Lock down the BIOS to prevent unauthorized criminal booting of the computer.
  • Employ full disc encryption to prevent disc tampering.

Besides these mandatory steps, the security executives should install only secure proprietary software on their systems. It must be made sure that these personalized applications are developed in a secure SDLC. Source Code Analysis (SCA) is a great way to ensure that software is produced with minimal vulnerabilities and loopholes.

Source – Texting ATMs for Cash

Jump to Category