Trend Micro discovers Alice malware. What is malware and how can it damage businesses?
People typically don't associate the word "safe" with cybercriminals. After all, we get the impression these folks are risk-takers, dangerous and willing to do whatever it takes to exploit their victims and steal their data. And yes, they're all of these things and more. However, they're also smart, and they know it's critical they only take calculated risks. If they don't, they understand there's a good chance they'll get caught and arrested, or at least lose out on a hefty cash prize.
Trend Micro pointed out that before the rise of more advanced technologies, IT criminals would use everything from small cameras to physical hardware to steal credit card numbers and other information from bank customers. Long gone, however, are the days of bank robbers taking their cues from famed criminals like Willie Sutton (who robbed banks for decades but spent a good portion of his life in jail, reported the Brooklyn Daily Eagle). Many robbers have evolved past wearing masks and storming buildings because when you're sitting behind a computer, you don't need one.
"[ATMs] are no longer just affected by the physical attempts of emptying the money safe," Trend Micro researchers David Sancho and Numaan Huq said, according to Ed Cabrera, Chief Cybersecurity Officer at Trend Micro. "Now logical attacks on ATMs are slowly being recognized as an emerging threat by the security industry and law enforcement agencies."
Types of attacks on ATM machines
Over the years, attacks on ATMs have evolved. Here are some of the variants that have emerged:
Skimming machines
For years, skimming machines were a go-to option for bank robbers. These are small devices that criminals place over a card reader at an ATM. When someone swipes a card, the device streams information back to the cybercriminal. From there, they steal data.
Malware attacks
For the past couple of years, malware attacks have steadily grown, noted Sancho. A 15 percent jump in ATM IT attacks occurred between 2014 and 2015, and the number of total reported losses has increased exponentially over the years. In comparison, physical ATM attacks have paled next to those committed by cybercriminals.
What caused the rise of malware attacks?
Malware attacks came about because of an opportunity. We already named one advantage – the ability to stay hidden while stealing data – but Sancho said there are a few more that people may not be aware of.
Trend Micro and Europol's European Cybercrime Center collaborated to find out exactly what caused their rise in popularity.
- Institutions using archaic operating systems such as Windows XP likely found it difficult to keep their applications up to date simply because the OS stopped receiving automatic updates. This makes these systems vulnerable to attack.
- The use of middleware, which simplifies the deployment of applications across ATMs and other systems, left them exposed to malware writers.
Alice malware
A different type of cyber crime is growing in popularity. It's called Alice, and it could become a serious challenge for financial institutions that don't have the safety protocols in place to curb it.
Trend Micro discovered this new malware in November 2016, and found it may be the simplest but one of the most effective malware families to date. Alice doesn't steal people's data like typical malware. Instead, it gives cybercriminals access to something just as valuable: money.
Alice infects an ATM by running two files in its root directory, noted Trend Micro. It then connects to CurrencyDispenser1, the default name for money-dispensing hardware, and if the criminal inputs the correct PIN, Alice opens the "operator panel." From there, the criminal can steal money.
Sancho noted that malware similar to Alice is likely to grow in the coming years. It's no longer a "niche" attack. He added that while today they might use off-the-shelf packers, these criminals could soon turn to custom packers and unique procedures to stay undetected.
While something like Alice is likely to catch financial institutions off guard, because it's a new type of attack, there are still ways to keep their facilities protected.
Install high-definition security cameras that alert authorities to suspicious activity, don't set up ATMs in areas that have high crime rates (if you can help it), teach your employees about best-practice IT safety protocols and use advanced software to protect machines.