Mariachis and jackpotting: ATM malware from Latin America

Thursday 5 October 12:00 - 12:30, Green room

Thiago Marques (Kaspersky Lab)
Fabio Assolini (Kaspersky Lab)

Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional crime and cybercrime are those against ATMs. The criminals have one goal in mind: jackpotting.

If there is one region in the world where these attacks have achieved highly professional levels, it is Latin America. Attacks against ATMs quickly evolved from using bombs and dynamite to using malware, starting with Ploutus and Green Dispenser and now the newest ATM-focused threats, Prilex and Ice5. Latin American crooks have been working together closely, and have attempted to steal a lot of money directly from ATMs, with relative success.

ATM attackers have developed a number of tools and techniques that are unique to this region, as well as importing malware from Eastern Europe and creating their own local solutions, deploying them on a large scale using USB sticks, CDs, corrupted employees, black boxes and other very creative methods. A combination of factors, including the use of obsolete and unsupported operating systems and development platforms, has enabled the creation of malicious code in a simple way as .NET, without requiring a high level of technical skill. This scenario has favoured the development of malware that is very effective in the region.

We are facing a rising tide of threats against ATMs that have been improved technically and operationally. This is a great challenge for financial institutions and security professionals in the region - attacks on such devices have already generated large losses for financial institutions. The question here is: what, and when will be the next big hit? Why steal information to monetize when it is easier to milk cash directly from the bank? Attacks in the Carbanak style against banks in Latin America allow crooks to access the banks' networks directly, with no intermediate. In this presentation we will show detailed operational details about how these regional attacks against financial institutions have created a unique situation in Latin America.

 

Thiago-Marques-web.jpg

Thiago Marques

Thiago Marques joined Kaspersky Lab's Global Research and Analysis Team in November 2015 as a security analyst for Brazil.

His main responsibilities are the analysis of domestic malicious code through advanced reverse engineering and the investigation of local malware.

Thiago brings eight years of experience in the reverse engineering of malware. He previously worked as a senior researcher at a national security company in Brazil, analysing threats to the Windows and Android platforms and managing the malware lab. He also worked at Gas Technology, where he used reverse engineering to map malicious activities and support security product development.

Thiago Marques graduated with a B.S. in computer science from the Center Barra Mansa University in Rio de Janeiro. He has taught reverse engineering of malware for financial institutions, police departments, the army, navy and private companies at Escola Superior de Redes for six years. Additionally, in 2012, Thiago trained the Hong Kong police department in cybersecurity.

@thiagoolmarques

 

Fabio-Assolini-web.jpg

Fabio Assolini

Fabio Assolini joined Kaspersky Lab's Global Research and Analysis Team (GReAT) in July 2009 to primarily focus on one of the most dynamic countries in Latin America: Brazil. Fabio's responsibilities include the analysis of virus, cyber attacks, banking trojans and other types of malware that originate from Brazil and the rest of the region. In particular, he focuses on the research and detection of banking trojans. In November 2012, he was promoted to Senior Security Researcher.

Since 2006, Fabio has been a voluntary member of the security community Linha Defensiva (Defensive Line), a non-government organization. In addition, he is a member of the Alliance of Security Analysis Professionals (ASAP), a network of NGOs, professionals and individuals dedicated to providing security-related support to end-users. Fabio has more than five years of experience as a malware analyst and has a university degree in computer science.

@assolini



VB2018 MONTREAL!

VB2017 OVERVIEW

VB2017 SPEAKERS

VB2017 PROGRAMME

VB2017 PHOTOS

2017 PÉTER SZŐR AWARD


Other VB2017 papers

XAgent: APT28 cyber espionage on macOS

Tiberius Axinte (Bitdefender)

This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…

Keynote address: Inside Cloudbleed

John Graham-Cumming (Cloudflare)

In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…

Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

Juan Andres Guerrero-Saade (Kaspersky Lab)
Costin Raiu (Kaspersky Lab)

Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…