Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Operating Systems Software The Almighty Buck

Busy North Korean Hackers Have New Malware To Target ATMs (arstechnica.com) 25

Hackers widely believed to work for North Korea's hermit government have developed a new strain of malware that steals data used at automatic teller machines in India, researchers from Kaspersky Lab said on Monday. Ars Technica reports: One piece of malware, dubbed ATMDtrack by researchers with the Moscow-based security firm, has been targeting Indian ATMs since last Summer. It allows its operators to read and store data associated with cards that are inserted into infected ATMs. As researchers with the Moscow-based security firm investigated further, they found that the ATM malware was part of a larger remote-access trojan that carries out traditional espionage activities. Dubbed "Dtrack," it was used as recently as this month to target financial institutions and research centers.

Dtrack payloads were carefully encrypted with utilities known as packers, which made it hard for researchers to forensically analyze the malware. As the researchers analyzed the memory of infected devices, they found that that both ATMDtrack and Dtrack shared unique code sequences. When company researchers peeled away the layers of encryption and began analyzing the final payload, they saw pieces of code that were first used in a 2013 attack that wiped the hard drives of South Korean banks and broadcasters. The campaign, known as DarkSeoul, was eventually tied to Lazarus Group, the main hacking arm of the North Korean government.

This discussion has been archived. No new comments can be posted.

Busy North Korean Hackers Have New Malware To Target ATMs

Comments Filter:
  • I am having trouble imaging why an atm which sits exposed unguarded to the public 24x7 would be allowed any sort of real access further into the bank network. This is appalling.
    • by Viol8 ( 599362 ) on Tuesday September 24, 2019 @07:15AM (#59230360) Homepage

      Its an ATM. How else is it going to update accounts - or tell another system to do so - either after dispensing cash, paying bills, arranging a transfer or accepting cheques? There has to be some link between it and the main banking systems and this link *should* be over a private encrypted line, not the public internet, VPN or otherwise.

    • by thomst ( 1640045 )

      Way Less Smart Than You confessed:

      I am having trouble imaging why an atm which sits exposed unguarded to the public 24x7 would be allowed any sort of real access further into the bank network.

      This is appalling.

      Only because you don't understand how ATMs work.

      They need to interact with the bank's mainframe-based systems in order to verify the card's validity, query them to display the account's current balance, request and receive authorization to disburse the requested amount of cash, transmit confirmation that they have done so, and request that the amount disbursed be debited against that account.

      The key word here is "interact."

      The transaction record is actually processed as a m

      • I for one would imagine that the ATM communicates only with a gateway which exists specifically for that purpose, and that the ATM itself never reaches into any databases or touches any values anywhere directly, and has no ability to contact literally anything else on the network because it is locked down so hard. Why, is this not the way they do things? And if not, how do we get the people in charge onto the "B" ark, stat?

        • by Slayer ( 6656 )

          I would assume, that there is some intermediate server between ATM machine and central data base, however: we live in times, in which even such basic libraries such as openssl [cvedetails.com] and libxml2 [cvedetails.com] were/are literally riddled with exploitable holes. Try to write a stable and robust interface under such conditions.

          Doing this right would cost money, which is typically better spent on greasing politicians. Ask Equifax ...

      • Via an API through an intermediate proxy server. You would have designed an ATM to talk directly to the database on an open internal network? And you think you're smarter than me?
  • by account_deleted ( 4530225 ) on Tuesday September 24, 2019 @06:22AM (#59230246)
    Comment removed based on user account deletion
    • by gtall ( 79522 )

      Yeah, and while we're at it, let's hook cars up to horses and put an automatic whip pedal where the gas pedal was. Hint: banking is a lot more complicated than you can imagine.

  • Is it just me, or does it seem to be that Kaspersky has been getting some good press lately? Could it be that they are trying harder to prove that they are te be trusted?
  • Where is this malware being installed - at the factory? One would hope that you can't reflash the machine with a credit card but if it is running windows you never know.

  • I want to know what would be government's next move to tackle this malware. If this malware can harm ATM securities then it could badly harm banking sector. Immediate action is required against those hacker and the malware created by them to breach data of Indian citizens.
  • Now instead of getting my weekly load of cash in my wallet, with which I avoid using plastic to pay for anything, I'll have to go inside the bank and get a teller to give me cash.
    Of course at the rate we're going, I'll have to have my employer FedEx me a box full of actual cash instead of a paycheck, because practically every day there's Yet Another Data Breach/Payment System Breach/Malware Attack On Financial Systems/And So On. At this rate we'll have to go back to carrying gold and silver coins because n

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...