ATM Hackers Have Picked Up Some Clever New Tricks
upstart writes in with an IRC submission:
ATM Hackers Have Picked Up Some Clever New Tricks:
At last week's Black Hat and Defcon security conferences, researchers dug through recent evolutions in ATM hacking. Criminals have increasingly tuned their malware to manipulate even niche proprietary bank software to cash out ATMs, while still incorporating the best of the classics-including uncovering new remote attacks to target specific ATMs.
During Black Hat, Kevin Perlow, the technical threat intelligence team lead at a large, private financial institution, analyzed two cash-out tactics that represent different current approaches to jackpotting. One looked at the ATM malware known as INJX_Pure, first seen in spring 2019. INJX_Pure manipulates both the eXtensions for Financial Services (XFS) interface-which supports basic features on an ATM, like running and coordinating the PIN pad, card reader, and cash dispenser-and a bank's proprietary software together to cause jackpotting.
[...] Perlow also looked at FASTCash malware, used in jackpotting campaigns that the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency attributed to North Korean hackers in October 2018. North Korea has used the malware to cash out tens of millions of dollars around the world, which coordinated groups of money mules then collect and launder. FASTCash targets not the ATMs themselves but a financial card transaction standard known as ISO-8583. The malware infects software running on what are known as "payment switches," finance infrastructure devices that run systems responsible for tracking and reconciling information from ATMs and responses from banks. By infecting one of these switches rather than attacking an individual ATM, FASTCash attacks can coordinate cash-outs from dozens of ATMs at once.
"If you can do this, then you no longer have to put malware on 500 ATMs," Perlow says. "That's the advantage, why it's so clever."
[...] "What has fundamentally changed between when Barnaby Jack presented and now?" Red Balloon's Cui says. "The same types of attacks that would have worked against laptops and laptop operating systems 15 years ago largely wouldn't work now. We've leveled up. So why is it that the machine that holds the money has not evolved? That's incredible to me."
Read more of this story at SoylentNews.