Ploutos_and_ploutus

Tlp green 12 the following

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: LATAM than in Spain. The use of the .NET NCR library, and the needed physical access to the machine, may point to this being an insider job. However, there are some forums, especially popular in LATAM, where all kind of software and manuals for these ATMs is exchanged. Physical access to the machines apparently is not a problem. We can see in some forums from LATAM how the physical hacking of different ATM models is discussed. Apparently it is quite popular for attackers to have physical access to the ATMs, from which they are able to retrieve the track´s logs, but they cannot decipher the content. The most worrisome aspect of this is that some of them claim to be ATM technicians. TLP: Green 10 Conclusions This malware is clear proof of how attackers are moving to new targets - directly to the root of money. Even when physical access was needed, they were not afraid of implementing such a campaign – and worse, to expand it. Apparently it´s not a big problem to gather the information needed for implementing such malware, and for physically installing it in a target ATM. According to some information retrieved from forums, this kind of fraud is discussed quite openly and many ATM operators/technicians are interested in obtaining more information on how to commit it. This is the perfect soil for a criminal gang to emerge and grow. The main feature in both versions is to cash- out an infected ATM. The differences are quite minimal, the most notable being the translation into English of the new version. B...
View Full Document

Ask a homework question - tutors are online