Malware on USB Drives Used to Empty ATMs


Some ATMs running Windows XP are vulnerable to USB stick malware attacks

Some types of automated teller machine (ATM) malware are designed to steal sensitive information. However, there are some threats that enable the attacker to command the machine to simply hand over money.

Last week, at the Chaos Communication Congress (CCC), a couple of German researchers revealed that they had found a piece of malware that gives cybercriminals the ability to gain control of an ATM and instruct it to dispense money.

According to Wired, the malicious element is installed on a USB drive. The attacker goes to a vulnerable ATM running Windows XP, and cuts a piece of its chassis to gain access to its USB port.

Once that’s done, the malicious drive is connected to the port and the ATM is forcibly rebooted. During the reboot, the malware rewrites the registry in order to give the attacker control of the machine.

After a few days, when the ATM is full of cash, the attacker goes back to it and uses a hidden menu to cut off the network connection and get the money.

It’s uncertain who is behind this piece of malware, but the researchers believe it’s either someone who reverse engineered a device or someone with inside knowledge. Either way, profound knowledge of ATMs is needed to pull off such an attack.

The researchers want to remain anonymous because they’re afraid of criminal organizations. They haven’t provided any details regarding the model of the targeted ATMs or the location where the malware was found. It’s also uncertain if the use of this particular piece of malware is widespread.

On the other hand, the experts say that some banks have started upgrading their machines to make sure they can’t boot from a USB port. However, considering that there are a large number of ATMs worldwide, it’s likely that there still are some devices susceptible to such attacks.
