Malware that targets ATMs isn’t a new concept. After all, ATMs use internal computers that can be hacked just the same as any old workstation. The prime difference is that hacking into an ATM allows for a direct dispensing of cash, rather than some crafty behind-the-scenes action. A new type of ATM malware, titled GreenDispenser, is a cause for concern in Mexico, and could spread to other countries if left unchecked.
As mentioned, there are other types of malware that target ATMs almost exclusively, including a backdoor called Ploutus. Just like GreenDispenser, Ploutus originated in Mexico, and allowed criminals to steal money from ATMs by sending commands through the PIN pad or through a keyboard. Later versions allowed hackers to send a text message to the ATM to distribute cash. While this ATM malware originated in Mexico, it’s suggested by Ploutus’s English localization that it was designed for use in other countries.
Other types of ATM malware include Tyupkin, which was used to infect ATMs in Eastern Europe, as well as another called Suceful, which was designed to lock cards inside the machines and release them upon a command. Thankfully, the common trend with these types of malware appears to be that they almost exclusively require physical access to the ATM in order to exploit. It’s suggested that the increase in ATM hacking attacks is occurring due to the adoption of chip-enabled cards by the everyday user.
GreenDispenser forces the ATM to display an error message claiming that the machine is out of service, but in actuality, hackers can bypass this error by plugging in a predetermined PIN that’s been hard-coded into the malware. GreenDispenser also has some other quirks that distinguish it from the ATM malware systems. As explained by ComputerWorld:
Interestingly, GreenDispenser uses some type of two-factor authentication. After the hard-coded PIN is entered, the ATM will display a QR code, which the criminals probably scan with a mobile application in order to obtain a second, dynamically generated PIN. The second PIN unlocks an interaction menu on the ATM that gives attackers control over the cash dispenser. Another option on the menu allows criminals to uninstall the malware in a way that securely wipes it and makes it hard for forensics teams to later recover it.
While this increase in ATM hacking is thought to stem from an increase in card encryption technology (making it significantly more difficult to steal information through card skimming), another main reason that hackers are targeting ATMs is because many still run on the antiquated Windows XP operating system. This just goes to show that not upgrading away from old operating systems can have dire consequences.
In the case of GreenDispenser, there’s not much for you to do to protect yourself. The victim is the bank or owner of the ATM. But if you do use an ATM, it doesn’t hurt to be aware of security risks. Check to see if the ATM is under surveillance. If it’s pretty obvious that there are security cameras on the ATM, or it’s under regular supervision, there’s a smaller chance it’s been tampered with.
With the release of Windows 10 still fairly recent, your organization doesn’t need to deal with old operating systems anymore. Contact PACE Technical Services today at 905.763.7896 to find out all there is to know about upgrading away from your older Windows models, and ask us about security best practices that can keep your identity and personal information safe while utilizing online services.