Windows XPocalypse and the Spread of ATM Malware

Posted: 2nd April 2014

On April 8, 2014, Microsoft will stop issuing updates for its old Windows XP operating system. This will impact corporate and government organizations worldwide since many still run the outdated software.

Banks, however, may get hit the hardest, since 95% of ATMs currently run Windows XP and only 38% plan to change their operating system before April 8.

Note: Some banks will catch a break since Microsoft will continue to support Windows XP Embedded, a stripped-down version of XP, until January 2016.

Hackers Ready to Cash In

Threat intelligence teams can safely assume ATM malware incidents will rise after April 8, but open source information suggests hacker groups have been practicing their ATM malware exploits for a few months now.

Recorded Future’s web intelligence platform identified a late-2013 spike in open source references to ATM malware, which coincides with Symantec’s October 2013 identification of an English-language version of Ploutus (Backdoor.Ploutus.B), a malware family that targeted Mexican and Colombian ATMs in 2013 and Ukrainian machines in 2014. The timeline view below demonstrates the increase in references and events related to ATM malware since last summer.



Additional ATM Malware Analysis

The team at Recorded Future recently published a case study that dives deeper into the spread of ATM malware. Make sure you grab your free copy on the next page.