Carding
A new virus attacking ATMs has emerged in Russia. Its peculiarity is that it penetrates the ATM without any physical contact, and the problem is difficult to identify and fix. The virus targets not customer funds but the money in the ATM itself, which is configured to issue all the largest bills to anyone who types a certain code.
Until a simple control mechanism is found, banks can only increase the overall security level of their networks. However, for most players it is easier and cheaper to insure ATMs, which will only spur the spread of fraud.
On Friday, Artem Sychev, the deputy head of the Central Bank of the Central Bank of Ukraine, announced a new contactless method of stealing funds from ATMs. "When we talked about skimming, we always noted that an attacker must put something on the ATM, now a new technology has appeared," he clarified, without disclosing the details, but saying that information about the problem and the possibility of countering it was brought to market participants (in FinCert mailings), writes kommersant.ru.
FinCert described a new method of attacks on ATMs on March 15. It reported on the so-called disembodied or fileless virus that "lives" in the ATM's RAM. The newsletter notes that it is the first time it has been seen in ATMs in Russia. Since the virus does not have a file body, antiviruses cannot see it, and it can live in an infected ATM for as long as desired.
The virus is aimed at stealing funds directly from an ATM, which, upon entry of a given code, issues all the cash from the first cassette of the dispenser, where the largest bills (with a denomination of 1,000 or 5,000 rubles) are stored: 40 pieces. Anyone who enters the code can receive the funds, but it is difficult for an ordinary person to find it, and overly long attempts can raise suspicion among the bank's security services.
Although this was the first time scammers used this scheme in Russia, such cases have already occurred elsewhere in the world. “Only professional criminals can steal funds with the help of a fileless virus, since this requires quite serious technologies,” says Dmitry Kuznetsov, director of methodology and standardization at Positive Technologies. and from there the virus enters a separate closed loop of the ATM network."
Bank employees who received FinCert's mailings said that in this case, the devices of the largest ATM manufacturer, NCR, were affected. But bankers are not going to abandon this brand, since any ATM can be struck in this way. "The identified vulnerability is not typical for a particular manufacturer, since all ATMs work under Windows."
Experts have not yet found a simple and effective way to combat the new virus. "When the ATM is restarted, the virus, in theory, should be removed from the RAM without a trace," notes Sergey Chernokozinsky, head of the information security department of OTP-bank.
Constantly restarting ATMs is not a way out of the situation, bankers say. According to them, rebooting an ATM takes about five minutes, so such a procedure cannot be carried out unnoticed by customers; besides, frequent reboots are harmful to an ATM, as to any computer.
Until an antidote is found, bankers have to prevent ATMs from getting infected. “To protect themselves from such intrusions, banks must strengthen the protection of the external circuit and the ATM network,” says Maxim Dareshin, head of the self-service systems development department of Alfa-Bank. “However, the peculiarity is that the cost of host protection does not depend on the number of ATMs connected to the network. , one hundred or a few thousand ". "In such a situation, banks with small ATM networks, comparing the volume of costs and risks, are unlikely to willingly invest in security, preferring to insure ATMs against theft," says a specialist in a large bank, recognizing that this approach will stimulate fraudsters to spread the new virus further.