ATM machines worldwide have been emptied by hackers, handing over millions as they manipulate the machines to exploit known vulnerabilities in their operating systems, researchers say.
Kaspersky Lab researchers, in collaboration with Interpol, announced earlier this week they had detected more than 50 ATM machines infected with malware, with the majority located in Russia. However, researchers warned the threat has continued to evolve in recent months, spreading to several other countries, including the U.S., India, China and France.
The new malware—named Tyupkin—appears to affect ATMs from a particular manufacturer running Microsoft Windows 32-bit.
“The malware uses several sneaky ways to avoid detection,” the researchers wrote. “First of all, it is only active at a specific time at night. It also uses a key based on random seed for every session. Without this key, nobody can interact with the infected ATM.”
The researchers added that once the correct key is entered, the machine displays the amount of money available to dispense, allowing the attacker to withdraw 40 notes from the selected cassette. When an incorrect key is entered, the malware begins to disable the local area network.
The video below demonstrates how the ATM attack is carried out:
The discovery of the Tyupkin malware follows the recent announcement of the highly-targeted attack on JPMorgan—alarming financial institutions of their increasing attack surface. By placing custom malware into the bank’s network, hackers were granted access to the sensitive information of 76 million households and 7 million small businesses.
Lamar Bailey, Tripwire’s director of the Vulnerability and Exposure Research Team (VERT), says organizations should always be wary of the threat posed by malware attacks, “Malware never dies; it just evolves to elude current detection algorithms.”
The researchers urge banks to review the physical security of their ATMs, as well as investing in security solutions to mitigate these increasingly sophisticated threats.
Read More Here…