Thursday, October 9, 2014

Malware infecting ATMs – PC Format

The cybercriminals operate at night, and only on Sundays and Mondays. Without inserting a bank card, they enter a combination of numbers on the ATM keypad, call an operator for further instructions, enter another set of numbers, and the ATM starts dispensing cash. They then leave without arousing any suspicion.

The criminals' operation consists of two stages. First, they gain physical access to the ATM and insert a bootable CD to install the malware, which Kaspersky Lab has named Tyupkin. After a reboot, the infected ATM is under the attackers' control. Once the infection succeeds, the malware runs an infinite loop, waiting for a command. To make the attack harder to detect, Tyupkin accepts commands only at a specific time: on Sunday and Monday nights. During these hours, the criminals can steal money from an infected machine.

Recordings obtained from security cameras at infected ATMs showed the method used to access the cash machine. For each session, a new key is generated, consisting of a unique combination of digits (based on random numbers). As a result, nobody outside the gang can accidentally profit from the fraud. The person standing at the ATM then receives instructions over the phone from another gang member who knows the algorithm and can generate the session key from the number shown. This prevents the intermediaries who infect the ATMs from withdrawing cash on their own.

If the key is entered correctly, the ATM displays how much money is available in each cash cassette and prompts the operator to choose which cassette to rob. The ATM then dispenses 40 notes at a time from the selected cassette.
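The behaviour described above (cash dispensed with no card inserted, in 40-note batches, on Sunday and Monday nights) can be turned into a check over ATM journal data. The following is an added example, not part of the original article or of Kaspersky Lab's tooling; the journal format, the event names and the 22:00 to 05:59 definition of "night" are assumptions, and the sample lines are constructed. It also assumes the ATM fleet offers no legitimate cardless withdrawals.

```python
from datetime import datetime

# Constructed journal lines in a hypothetical format:
# ISO timestamp, ATM id, event name, key=value details (or "-").
SAMPLE_JOURNAL = """\
2014-10-03T14:02:11 ATM-0042 CARD_INSERTED -
2014-10-03T14:02:40 ATM-0042 DISPENSE cassette=2 notes=5
2014-10-03T14:02:55 ATM-0042 CARD_EJECTED -
2014-10-05T23:41:07 ATM-0042 DISPENSE cassette=1 notes=40
2014-10-05T23:42:19 ATM-0042 DISPENSE cassette=1 notes=40
2014-10-06T09:15:00 ATM-0017 CARD_INSERTED -
2014-10-06T09:15:31 ATM-0017 DISPENSE cassette=3 notes=40
2014-10-06T09:15:44 ATM-0017 CARD_EJECTED -
"""

def parse(line):
    """Split one journal line into (timestamp, atm_id, event, fields)."""
    ts, atm, event, detail = line.split(None, 3)
    fields = dict(kv.split("=", 1) for kv in detail.split() if "=" in kv)
    return datetime.fromisoformat(ts), atm, event, fields

def in_night_window(ts):
    # Assumption: "night" is 22:00-05:59. weekday(): 6 = Sunday, 0 = Monday.
    return ts.weekday() in (6, 0) and (ts.hour >= 22 or ts.hour < 6)

def find_suspicious_dispenses(journal):
    """Flag every dispense that happens while no card is in the reader."""
    card_present = {}          # per-ATM card session state
    findings = []
    for line in journal.splitlines():
        if not line.strip():
            continue
        ts, atm, event, fields = parse(line)
        if event == "CARD_INSERTED":
            card_present[atm] = True
        elif event == "CARD_EJECTED":
            card_present[atm] = False
        elif event == "DISPENSE" and not card_present.get(atm, False):
            reasons = ["no card session"]
            if in_night_window(ts):
                reasons.append("Sunday/Monday night")
            if fields.get("notes") == "40":
                reasons.append("40-note batch")
            findings.append((ts.isoformat(), atm, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_dispenses(SAMPLE_JOURNAL):
        print(finding)
```

The cardless dispense is the primary signal; the time window and batch size only add confidence, so a finding with a single reason should still be reviewed.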

Tyupkin malware

At the request of one of the financial institutions, a team of experts carried out an investigation of these cybercriminal attacks. The malware, identified and named Backdoor.MSIL.Tyupkin, has so far been detected on ATMs in Latin America, Europe and Asia.

“The last few years have seen a significant increase in the number of attacks on ATMs using equipment to clone credit cards and malware. Now we are witnessing the natural evolution of this threat, in which cybercriminals are climbing up the chain and attacking the financial institutions directly. They do this by infecting ATMs themselves or by carrying out targeted attacks on banks. The Tyupkin malware is an example of attackers exploiting ATM infrastructure vulnerabilities,” said Vicente Diaz from Kaspersky Lab. “We advise banks to examine the physical security of their ATMs and network infrastructure, and to consider investing in appropriate security solutions,” he added.

How banks can reduce the risk

– Examine the physical security of their ATMs and consider investing in a high-quality security solution.

– Replace all universal locks and keys in the top cover of the ATM and stop using the manufacturer’s default settings.

– Install an alarm and ensure that it works. The cybercriminals behind Tyupkin infected only ATMs that had no security alarm.

– Change the default BIOS password on the ATMs.

– Ensure that the machines have up-to-date anti-virus protection.

Main photo source: © 123RF / Picsel
