A Munich-based company called KAL makes Kalignite, which is compatible with many ATM vendors and makes cross-compatibility easier for banks. Diebold Nixdorf's version is called Agilis. But Windows was never designed to run ATMs, so most run Extensions for Financial Services or XFS, which is a set of APIs designed to link the host Windows systems to the specific features of ATMs, such as displays and PIN pads. ATM vendors usually use a layer of middleware to interact with XFS. It's a bespoke program that is the result of an intensive study of an ATM's software stack, Metabase Q says. ATMs typically run a version of Microsoft Windows. Ploutus is a clever piece of malware engineering. "We've been seeing it in the market in different places, so it's not particular to one ," Benavides says. Metabase Q CEO and founder Mauricio Benavides says the company's analysts examined samples of Ploutus-I in addition to a physical ATM that had been infected. About two years ago, NCR bought most of OKI's IT services operations in Brazil. In 2014, Itautec's ATM business was acquired by a Japanese company, OKI, short for OKI Electric Industry. Ploutus-I targets aging ATM models made by Itautec, which at one time was the second-largest manufacturer of ATMs in Brazil. Metabase Q strongly suspects its development has been closely connected with organized criminals, perhaps based in Venezuela (see: ATM Malware Retooled to Strike More Machines). This fifth known iteration of Ploutus was first seen in Mexico. Now, researchers with Mexico-based Metabase Q, a cybersecurity services company, have uncovered a new version called Ploutus-I. In the early days, around 2013, this involved using a CD boot disk to install the malware, dubbed "Ploutus." The attacks typically involve installing malware directly on an ATM by breaking into the device's cabinet to gain direct access to its physical ports and drives.
ATMs across Latin America have been persistently targeted over the last eight years by organized criminals seeking to "jackpot" the machines, triggering them to disgorge their cash. In 2017, FireEye published research into Ploutus-D, an earlier variant of the ATM malware. (Source: FireEye)

Sunil Kande, Security Analyst at Suma Soft Pvt Ltd.

Dr. Thorsten Werner at Boehringer Ingelheim GmbH

Oliver Matula, Tobias Kopf and Frieder Steinmetz of ERNW GmbH.

Shubham Garg, Information Security Engineer at ACPL Systems

Security researchers are an integral part of the cybersecurity community, and we are thankful to the individuals and organizations below for helping us improve our services by privately disclosing one or more security vulnerabilities in our cloud services and corporate infrastructure, and working with us to address them. The Palo Alto Networks Product Security Incident Response Team (PSIRT) and Security Operations Center (SOC) would like to acknowledge the following security researchers who have helped strengthen our cloud services and corporate infrastructure, as well as customers’ security, by finding and reporting security vulnerabilities to us via responsible disclosure.