News

Ukraine hit by cyberattack using newest ATM trojan

February 14, 2014

ATMs located in public areas and belonging to one of the largest Ukrainian banks were simultaneously attacked in all regions of the country last weekend by malicious code. According to a report from Russian software security firm SafenSoft, ATMs that had been loaded with money on Friday were found to be empty on Monday, but with no signs of physical damage.

Initial examination also did not show any malicious hacker code left in the devices. This large-scale action at the national level — carried out over a single weekend and followed by self-destruction of the malware used — is currently the largest of its kind, the report said.

In its report, SafenSoft indicated that Ploutus malware was the culprit in the attack. This malicious code was first detected in Mexico in September 2013.

Ploutus’ main feature is its ability to deactivate traditional protection systems so that attackers can install Ploutus on the system, protected by activated antivirus software.

Any attack that is aimed directly at the ATM software and does not affect the database of the organization attacked can be detected only after the worst has already happened.

Said Denis Gasilin, head of marketing at SafenSoft: 

We have witnessed an unprecedented level of cooperation among cybercriminals. Large-scale international attacks on the ATM network already happened in the past, but never before were cybercriminals able to carry out such an attack affecting only the ATM network itself and leaving no trace at all.

The level of cooperation on the cybercriminal side is sadly on a higher level than that of the defending side, so reactive methods of information protection just don’t work. The only way to reliably defend against targeted attacks using the latest malicious code is to use proactive technologies.

Read more about security.