ATMs in Ukraine hit by cyberattack using newest ATM Trojan
+7 (495) 967-14-51 

 Contacts   Sitemap  
Language:  Russian English     Search: 
 
Main page  →  Company  →  News & Events  →  2014
About Us
Awards
Contacts
News & Events
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
Press Center

News

RSS

 

ATMs in Ukraine hit by cyberattack using newest ATM Trojan

ATMs located in public access areas and belonging to one of the largest Ukrainian banks were simultaneously attacked in all regions of the country by malicious code. ATMs that were loaded with money at Friday for an upcoming weekend were found to be empty of cash at Monday and no signs of physical damage were discovered. Initial examination also did not show any malicious code used by unknown hackers left in the devices. This large-scale action at the level of the whole country carried out over a single weekend followed by self-destruction of the malware used in cyberattack is currently the largest of its kind.


Malicious code called Ploutus was first detected in Mexico in September 2013. It is aimed at ATMs and has the ability to withdraw cash directly from the device. Information security professionals became instantly worried that this Trojan could be released to the international black market market in the near future. A new version of malicious code appeared in October 2013 and it introduced modular architecture and the interface translated into English. Ploutuss main feature is the ability to deactivate traditional protection systems installed and active in the system that is being infected allowing attackers to install Ploutus even to the system with activated antivirus protection.


Traditionally the harderst part of any cyberattacks aimed at stealing money was to turn stolen data into cash. The appearance of the ATM-aimed Ploutus Trojan family greatly simplified the task for the attackers. In the past attacks on the ATM network had to be carried out in several stages including the need to hack databases of payment systems or banks. That made the attack detection relatively fast and in many cases helped prevent any kind of damage. However, any attack aimed directly at the ATM software that does not affect the database of the organization attacked can be detected only after the worst has already happened.


"We have witnessed an unprecedented level of cooperation among cybercriminals", says Denis Gasilin, head of marketing at SafenSoft, Russian self-service device information security software developer. "Large-scale international attacks on the ATM network already happened in the past, but never before were cybercriminals able to carry out such an attack affecting only the ATM network itself and leaving no trace at all. The level of cooperation on the cybercriminal side is sadly on a higher level than that of the defending side, so reactive methods of information protection just dont work. The only way to reliably defend against targeted attacks using the latest malicious code is to use proactive technologies".


 

February 11, 2014


All news  |  Print this page


January 22, 2014 

February 19, 2014 


 

Computer security: Information security solutions | Host Intrusion Prevention System (HIPS) | Endpoint protection | The best virus protection | Whitelisting | Application Integrity Control | Comprehensive Malware Protection | Application protection | Windows Startup / Registry Protection | Online banking security | Online payment protection | Data leakage prevention (DLP) | Information security in medicine | Personal data protection |
  License   Press Center   Awards   Contacts   Sitemap   RSS 
SafenSoft, 2004-2017. All rights are reserved.