ATMs in Ukraine hit by cyberattack using newest ATM Trojan
ATMs located in public access areas and belonging to one of the largest Ukrainian banks were attacked simultaneously by malicious code in all regions of the country. ATMs that were loaded with money on Friday for the upcoming weekend were found to be empty of cash on Monday, and no signs of physical damage were discovered. Initial examination also did not find any of the malicious code used by the unknown hackers left on the devices. This large-scale, country-wide action, carried out over a single weekend and followed by self-destruction of the malware used in the cyberattack, is currently the largest of its kind.
Malicious code called Ploutus was first detected in Mexico in September 2013. It targets ATMs and is able to withdraw cash directly from the device. Information security professionals immediately became worried that this Trojan could be released to the international black market in the near future. A new version of the malicious code appeared in October 2013; it introduced a modular architecture and an interface translated into English. Ploutus's main feature is the ability to deactivate traditional protection systems installed and active on the system being infected, allowing attackers to install Ploutus even on a system with active antivirus protection.
Traditionally, the hardest part of any cyberattack aimed at stealing money was turning stolen data into cash. The appearance of the ATM-aimed Ploutus Trojan family greatly simplified the task for the attackers. In the past, attacks on an ATM network had to be carried out in several stages, including the need to hack databases of payment systems or banks. That made attack detection relatively fast and in many cases helped prevent any kind of damage. However, an attack aimed directly at the ATM software that does not affect the database of the attacked organization can be detected only after the worst has already happened.
"We have witnessed an unprecedented level of cooperation among cybercriminals", says Denis Gasilin, head of marketing at SafenSoft, a Russian developer of information security software for self-service devices. "Large-scale international attacks on the ATM network have already happened in the past, but never before were cybercriminals able to carry out such an attack affecting only the ATM network itself and leaving no trace at all. The level of cooperation on the cybercriminal side is sadly on a higher level than that of the defending side, so reactive methods of information protection just don’t work. The only way to reliably defend against targeted attacks using the latest malicious code is to use proactive technologies".
February 11, 2014