Beware of cybercrime ATM stealing cash

Almost 95% of ATM devices still run the Windows XP operating system. With the arrival of the date on April 8, 2014, when Microsoft announced that it will stop providing technical support for Windows XP, the banking industry will face more ATM networks. Malicious threats.

At the end of 2013, the Symantec Security Bulletin had analyzed new ATM malware named Backdoor.Ploutus from Mexico. Through this software, an attacker can use an external keyboard to extract cash from ATMs. A few weeks later, Symantec discovered a new version of the software - it has been upgraded to a modular architecture, Backdoor.Ploutus.B (Ploutus), and can attack ATMs via SMS.

Overview of the attack process:

1. The attacker installed Ploutus on the ATM and connected the mobile phone via the USB cable

2. Send two SMS messages to the ATM built-in mobile phone via the controller

a. SMS 1 contains a valid activation ID, which starts Ploutus within the ATM

b. SMS 2 contains a valid allocation order to withdraw cash

3. Mobile phones forward valid SMS to ATM in the form of TCP or UDP packets

4. The ATM internal network packet monitoring module receives TCP/UDP packets. If it contains a valid command, it can start Ploutus.

5.Ploutus triggers ATM to spit cash, the amount of cash is preset in the malware

6. Criminals withdraw cash from ATM

In addition to Ploutus, Symantec also discovered multiple malicious software that attacks ATMs. The attacker may use Ploutus to steal cash from the ATM, and may also try to steal the user's bank card information and password through Other malicious software, and some malicious software will also take the middleman attack. All in all, there are many ways to attack malicious attacks on ATMs, and it needs to attract the public's attention.

How to protect ATM equipment from infringement?

Although the security features of modern ATM machines have actually been strengthened, there are still great security challenges for older Windows XP system ATMs. At the same time, the physical security of the internal computer of the ATM is another problem that needs to be solved urgently, because although the ATM machine securely keeps the cash in the safe, the computer does not.

In response to this situation, Symantec recommends that banks and other financial institutions adopt the following best security practices:

• Upgrade operating system to Windows 7 or Windows 8

• Provides adequate physical protection and installation monitoring

• Lock the BIOS to prevent boot from unauthorized media such as CD ROM or U disk

• Use full disk encryption to prevent hard disk tampering

• Use system lock-in solutions such as Symantec Critical System Protection

With these measures, attackers can hardly attack ATMs. In addition, Symantec has announced that existing user, terminal and server security solutions will continue to support Windows XP systems in the short term, and Symantec strongly recommends that users still using Windows XP upgrade to newer ones as soon as possible. version of.