ATMitch: remote administration of ATMs

Kaspersky experts reconstruct an ATMitch case – and discover a mysterious way to cash out with ATMs


What Are Fileless Banking Attackers Really After?

In February 2017, Kaspersky published research on fileless malware attacks against enterprise networks. It described the data collected during incident response at several financial institutions around the world, exploring how attackers moved through enterprise networks while leaving no traces on the hard drives. The goal of these attackers was money, and the best way to cash out and leave no record of transactions is through the remote administration of ATMs. This time, the company's experts researched the methods and techniques that the attackers used in the second stage of their attacks against financial organizations: basically, enabling remote administration of ATMs.

Lessons from Stage 1: fileless malware attacks against enterprise networks

  • This attack shows that no malware samples are needed for successful exfiltration of data from a network.
  • The use of common tools combined with different tricks makes detection very hard.
  • The determination of attackers to hide their activity and make detection and incident response increasingly difficult explains the latest trend of anti-forensic techniques and memory-based malware. That is why memory forensics is becoming critical to the analysis of malware and its functions.
  • Incident response is the key.

Lessons from Stage 2: ATMitch

  • Banks should protect their ATMs, not only bank infrastructure!
  • Kaspersky Embedded Systems Security is the answer.
