Viruses in ATMs: danger or free money?

Tomcat

The Central Bank of the Russian Federation sent information to banks about the spread of a virus that forces ATMs to issue money using a code entered from the keyboard. Anyone who knows the code can withdraw money from an ATM infected with this virus.

ATMs manufactured by NCR were infected. When you enter the code, they dispense all the cash from the first dispenser, which contains 40 bills of 1,000 and 5,000 rubles. Only small bills remain in the ATM - most likely, they are of no interest to attackers. Experts believe that banks will not turn off or change ATMs because it is cheaper for them to insure money against theft. In addition, ATMs of any manufacturer are defenseless against contactless viruses.

There is no effective way to protect ATMs. They are infected with a so-called contactless virus, which is stored in the RAM of a Windows-based ATM. Antivirus programs for Windows XP (the OS most often used in ATMs) are powerless against this kind of virus activity, since they scan only drives. Most likely, the virus can mutate on its own, save itself in hidden areas of the disk, and be compiled from several components, each of which is not considered malicious. It is restored even after the ATM is rebooted, during which the contents of the computer's RAM are completely cleared.

In Russia, a contactless virus was noticed in ATMs for the first time, although in other countries banks have been fighting it for several years. In 2014, Kaspersky Lab discovered the banking Trojan Backdoor.MSIL.Tyupkin, which allowed hackers to withdraw cash from an ATM after entering a certain code. This virus must be installed on an ATM: the hackers needed physical access to the computer. Dmitry Kuznetsov, Director of Methodology and Standardization at Positive Technologies, believes that the new virus first enters the external circuit of the bank, then reaches the computer of the specialist responsible for the ATM network, and then the closed circuit of the ATM network.

The NCR company, whose ATMs, according to the Central Bank, were vulnerable, denied the theft of money. Vice President of the Russian representative office of NCR Konstantin Khotkin said that the company is not aware of a single case of attacks on an NCR ATM installed in a bank.

The code for withdrawing cash is known only to criminals, and they do not disclose it. A person who withdraws money using this code may be charged with several criminal offenses (theft, fraud, unauthorized access to computer information). If he proves that he was not involved with the virus and entered the code by accident, he will avoid liability, but will still have to compensate the bank for the damage and return the money.

(c) https://www.iguides.ru/main/gadgets..._v_bankomatakh_opasnost_ili_khalyavnye_dengi/
 