Using codes via text messages to steal hundreds of dollars from ATMs might seem too easy to be real. Unfortunately, older ATM machines are vulnerable to this new type of cyber-attack, referred to as the “Ploutus” ATM attack. This is because a majority of older ATMs operate on versions of Windows XP, just like a standard computer. However, this specific Microsoft operating system is being cycled out on April 8th, meaning the software company will no longer provide security updates, or “patches,” for Windows XP. This means computers running on XP -including ATMs- will be largely unprotected against viruses and cyber-attacks in the near future.
As April 8th approaches, the banking industry is facing a serious risk of cyber-attacks aimed at ATMs across the country, especially those in more remote locations. In order to complete the robbery, the attacker must gain access into the inside of the ATM and connect a mobile phone, usually via a USB. Getting to the ATM’s inner computer is often not too difficult since the money stored in the ATM is protected separately in a safe.
Once the phone is connected to the ATM it infects the machine with the Ploutus Trojan. Next, the attacker sends SMS commands to the phone connected to the ATM’s network. This command starts up the Ploutus malware to cause the ATM to issue a previously specified amount of cash.
This brings us to the big question: is there a way to protect ATMs from these type of sophisticated attacks? While modern ATMs have improved security features, such as encrypted hard-drives, older ATMs running on Windows XP are more susceptible to security holes. Two ways to protect ATMs is by updating their security features and operating system as well as improving the physical security of the computer inside, which could prevent attackers from installing malware.
Note: If your computer is still running on Windows XP, it is highly recommended that you update to a more current system, such as Windows 7 or 8, before April 8th in order to protect it from future security issues and cyberattacks.
For more information about the Ploutus attack and how it works, read this Symantec article.