Mariachis and jackpotting: ATM malware from Latin America

Thursday 5 October 12:00 - 12:30, Green room

Thiago Marques (Kaspersky Lab)
Fabio Assolini (Kaspersky Lab)

Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional crime and cybercrime are those against ATMs. The criminals have one goal in mind: jackpotting.

If there is one region in the world where these attacks have achieved highly professional levels, it is Latin America. Attacks against ATMs quickly evolved from using bombs and dynamite to using malware, starting with Ploutus and Green Dispenser and now the newest ATM-focused threats, Prilex and Ice5. Latin American crooks have been working together closely, and have attempted to steal a lot of money directly from ATMs, with relative success.

ATM attackers have developed a number of tools and techniques that are unique to this region, as well as importing malware from Eastern Europe and creating their own local solutions, deploying them on a large scale using USB sticks, CDs, corrupted employees, black boxes and other very creative methods. A combination of factors, including the use of obsolete and unsupported operating systems and development platforms, has enabled the creation of malicious code in a simple way as .NET, without requiring a high level of technical skill. This scenario has favoured the development of malware that is very effective in the region.

We are facing a rising tide of threats against ATMs that have been improved technically and operationally. This is a great challenge for financial institutions and security professionals in the region - attacks on such devices have already generated large losses for financial institutions. The question here is: what, and when will be the next big hit? Why steal information to monetize when it is easier to milk cash directly from the bank? Attacks in the Carbanak style against banks in Latin America allow crooks to access the banks' networks directly, with no intermediate. In this presentation we will show detailed operational details about how these regional attacks against financial institutions have created a unique situation in Latin America.


Click here for more details about the conference