There is a growing chorus of voices calling for businesses and home users to upgrade existing Windows XP installations to newer versions of Windows, if not for the features, then at least for the improved security and support. ATMs are basically computers that control access to cash, and as it turns out, almost 95 percent of them run on versions of Windows XP. With the looming end-of-life for Windows XP slated for April 8, 2014, the banking industry is facing a serious risk of cyberattacks aimed at their ATM fleet. This risk is not hypothetical — it is already happening. Cybercriminals are targeting ATMs with increasingly sophisticated techniques.

In late 2013, we blogged about new ATM malware in Mexico, which could let attackers force ATMs to spew cash on demand using an external keyboard. That threat was named Backdoor.Ploutus. Some weeks later, we discovered a new variant which showed that the malware had evolved into a modular architecture. The new variant was also localized into the English language, suggesting that the malware author was expanding their franchise to other countries. The new variant was identified as Backdoor.Ploutus.B (referred to as Ploutus throughout this blog).
What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible but this technique is being used in a number of places across the world at this time.

Connecting a mobile phone to the ATM
The criminals can remotely control the ATM by using a mobile phone which is connected to the inside of the ATM. There are multiple ways to connect a mobile phone to an ATM. A common method is to use a setup called USB tethering, which is effectively a shared Internet connection between a phone and a computer (or in this case, an ATM).
The attackers need to set the phone up correctly, connect it to the ATM and infect the ATM with Ploutus. Once all of these steps are complete, full two-way connectivity is established and the phone is ready to be used.
Since the phone is connected to the ATM through the USB port, the phone also draws power from the connection, which charges the phone battery. As a result, the phone will remain powered up indefinitely.
Sending SMS messages to the ATM
After the mobile phone is connected to the ATM and setup is completed, the criminals can send specific SMS command messages to the phone attached inside the ATM. When the phone detects a new message in the required format, the mobile device will convert the message into a network packet and will forward it to the ATM through the USB cable.
The network packet monitor (NPM) is a module of the malware which acts as a packet sniffer, watching all network traffic going on in the ATM. As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet and search for the number “5449610000583686” at a specific offset within the packet in order to process the whole package of data. Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus. An example of such a command is shown below:

In previous versions of Ploutus, the master criminal would have to share these digits with the money mule, which could allow the money mule to defraud the master criminal if they realize what the code allows them to do. In this version of Ploutus, the mule never sees the 16 digits, giving the master criminal added security and the ability to centrally control cash withdrawals. The code is active for 24 hours.

Using SMS messages to remotely control the ATM is a much more convenient method for all of the parties in this scheme, because it is discreet and works almost instantly. The master criminal knows exactly how much the money mule will be getting and the money mule does not need to linger for extended periods around an ATM waiting for it to issue the cash. The master criminal and money mule can synchronize their actions so that the money is issued just as the money mule pretends to withdraw cash or is walking past the ATM.
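
For defenders, the fixed number the network packet monitor searches for is a usable network indicator. The following is an added example, not code from Symantec or from the malware: it scans packet payloads for that number followed by 16 more digits. The post does not say how the digits are encoded on the wire, so the two encodings checked (ASCII text and packed BCD), the function names and the sample payloads are assumptions made for illustration.

```python
import re

# Marker the post says the malware's packet monitor searches for.
MARKER = "5449610000583686"

# Assumed encoding 1: the digits travel as ASCII text, followed by 16 more digits.
ASCII_RE = re.compile(MARKER.encode() + rb"(\d{16})")
# Assumed encoding 2: packed BCD, two decimal digits per byte (8 + 8 bytes).
BCD_MARKER = bytes.fromhex(MARKER)


def bcd_to_digits(chunk):
    """Decode packed BCD to a digit string; None if any nibble is above 9."""
    text = chunk.hex()
    return text if text.isdigit() else None


def scan_payload(payload):
    """Return (encoding, offset, trailing_digits) for every marker hit."""
    hits = [("ascii", m.start(), m.group(1).decode())
            for m in ASCII_RE.finditer(payload)]
    pos = payload.find(BCD_MARKER)
    while pos != -1:
        tail = payload[pos + 8:pos + 16]
        digits = bcd_to_digits(tail) if len(tail) == 8 else None
        if digits:
            hits.append(("bcd", pos, digits))
        pos = payload.find(BCD_MARKER, pos + 1)
    return hits


def scan_capture(packets):
    """packets: iterable of (source, payload bytes); returns alert dicts."""
    return [{"src": src, "encoding": enc, "offset": off, "digits": digits}
            for src, payload in packets
            for enc, off, digits in scan_payload(payload)]


# Constructed sample payloads (not captured traffic); trailing digits are made up.
SAMPLE = [
    ("192.0.2.10", b"GET /status HTTP/1.1\r\n\r\n"),
    ("192.0.2.77", b"\x00\x01" + MARKER.encode() + b"1234567890123456"),
    ("192.0.2.77", b"\xff" + BCD_MARKER + bytes.fromhex("1234567890123456")),
    ("192.0.2.10", MARKER.encode() + b"12345"),  # marker without 16 digits
]

if __name__ == "__main__":
    for alert in scan_capture(SAMPLE):
        print(alert)
```

A hit from a source address that belongs to a USB-tethered network interface on the ATM is the combination this post describes.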

Putting it all together
Now that we have looked into the details of how this scheme works, here’s an overview of how it all fits together.

Process overview
1. The attacker installs Ploutus on the ATM and connects a mobile phone to the machine with a USB cable.
2. The controller sends two SMS messages to the mobile phone inside the ATM.
   a. SMS 1 must contain a valid activation ID in order to enable Ploutus in the ATM.
   b. SMS 2 must contain a valid dispense command to get the money out.
3. The phone detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
4. In the ATM, the network packet monitor module receives the TCP/UDP packet and if it contains a valid command, it will execute Ploutus.
5. Ploutus causes the ATM to spew out the cash. The amount of cash dispensed is pre-configured inside the malware.
6. The cash is collected from the ATM by the money mule.
We were able to replicate this attack in our lab with a real ATM infected with Ploutus, so we can show you this attack in action in our short video.

While in this demonstration, we are using the Ploutus malware, Symantec Security Response has found several different forms of malware that are targeting ATMs. In the case of Ploutus, the attackers are trying to steal the cash from inside the ATM; however, some malware we have analyzed attempts to steal the customers' card information and PIN while other malicious software lets criminals attempt man-in-the-middle attacks. Clearly, attackers have different ideas on how best to make money from an ATM.

What can be done to protect ATMs?
Modern ATMs have enhanced security features, such as encrypted hard-drives, which can prevent these types of installation techniques. However, for older ATMs still running on Windows XP, protecting against these types of attacks is more challenging, especially when the ATMs are already deployed in all sorts of remote locations. Another difficulty that needs to be addressed is the physical security of the computer inside the ATMs. While the ATM’s money is locked inside a safe, the computer generally is not. Without adequate physical security for these older ATMs, the attacker has the upper hand.
A number of measures could be taken to make things more difficult for the criminals. These include:

• Upgrading to a supported operating system such as Windows 7 or 8
• Providing adequate physical protection and considering CCTV monitoring for the ATM
• Locking down the BIOS to prevent booting from unauthorized media, such as CD ROMs or USB sticks
• Using full disk encryption to help prevent disk tampering
• Using a system lock down solution such as Symantec Data Center Security: Server Advanced (previously known as Critical System Protection)

With all these measures in place, attackers would find it much harder to compromise an ATM without a complicit insider.

Symantec’s consumer, endpoint and server protection solutions will continue to support Windows XP systems for the foreseeable future; however, we strongly recommend that Windows XP users should upgrade to a more current operating system as soon as possible.
