Hackers Not Waiting for April 8, Windows XP on ATMs Being Exploited Now
An exploit, named Backdoor.Ploutus.B, enables an attacker to simply send a text message to a compromised ATM and then just walk up and collect the cash.
March 25, 2014
Many have voiced that the doom and gloom promoted by Microsoft and others (even this publication) about April 8, 2014 being a D-Day of sorts for hackers is unsubstantiated and may never happen. April 8, 2014, of course, is the date when Windows XP loses all support from Microsoft, and despite a mass of messaging warning the public about the OS's end of life, around 28% of the computing population is still clinging to it. Despite the belief by some, evidence is already mounting that the April date could result in mass chaos.
Symantec is warning about an exploit that is already confirmed and running amok in the ATM world. Almost 95% of ATMs worldwide run on versions of Windows XP. Despite constantly rising bank fees that could have subsidized investments in securing ATMs over the last few years, financial institutions have invested elsewhere, apparently, and have ignored the warnings.
The exploit, named Backdoor.Ploutus.B, enables an attacker to simply send a text message to a compromised ATM and then just walk up and collect the cash. Fanstastical? Yes, but Symantec is reporting that this technique is currently in use in various places across the world.
If you're interested in how this technique works, drop out to Symantec's page where the company details how this sophisticated attack works: Texting ATMs for Cash Shows Cybercriminals' Increasing Sophistication, or watch the video below.
This attack underscores the importance of moving off of Windows XP now. With only a couple weeks left before the support lights go out, it's becoming increasingly important for the Windows XP community to take notice and do something about it. Many companies are in the midst of migrating to a newer, more secure operating system like Windows 7 and Windows 8, but may not be able to make the deadline.
If a migration can be made now, do it. If not, there are some things that can be done to help minimize attacks in the near term. Read through Stuck with Windows XP? 7 Things to Do this Month to get an understanding of some prescriptive steps that can be taken to help bolster the unsecure operating system. The bottom line, though, is that on April 8, 2014, Windows XP will become a high target and the longer Windows XP is in use, the bigger risk using it becomes.
Microsoft is currently offering a $100 incentive for those wanting to replace old hardware at the same time when replacing the old operating system. So, there are options, and good ones. We've read recently where companies like Malwarebytes, Google, Avast, and others are offering to support Windows XP past the deadline, but don't be fooled, these are predicated on marketing efforts, not realistic security measures for an operating system version that has outlived its usefulness.
About the Author
You May Also Like