Author Archive

The Coding For Your ATM Shouldn’t Be as Dirty as Its Cash

b2ap3_thumbnail_atm_malware_threats_400.jpgMalware that targets ATMs isn’t a new concept. After all, ATMs use internal computers that can be hacked just the same as any old workstation. The prime difference is that hacking into an ATM allows for a direct dispensing of cash, rather than some crafty behind-the-scenes action. A new type of ATM malware, titled GreenDispenser, is a cause for concern in Mexico, and could spread to other countries if left unchecked.

As mentioned, there are other types of malware that target ATMs almost exclusively, including a backdoor called Ploutus. Just like GreenDispenser, Ploutus originated in Mexico, and allowed criminals to steal money from ATMs by sending commands through the PIN pad or through a keyboard. Later versions allowed hackers to send a text message to the ATM to distribute cash. While this ATM malware originated in Mexico, it’s suggested by Ploutus’s English localization that it was designed for use in other countries.

Other types of ATM malware include Tyupkin, which was used to infect ATMs in Eastern Europe, as well as another called Suceful, which was designed to lock cards inside the machines and release them upon a command. Thankfully, the common trend with these types of malware appears to be that they almost exclusively require physical access to the ATM in order to exploit. It’s suggested that the increase in ATM hacking attacks is occurring due to the adoption of chip-enabled cards by the everyday user.

GreenDispenser forces the ATM to display an error message claiming that the machine is out of service, but in actuality, hackers can bypass this error by plugging in a predetermined PIN that’s been hard-coded into the malware. GreenDispenser also has some other quirks that distinguish it from the ATM malware systems. As explained by ComputerWorld:

Interestingly, GreenDispenser uses some type of two-factor authentication. After the hard-coded PIN is entered, the ATM will display a QR code, which the criminals probably scan with a mobile application in order to obtain a second, dynamically generated PIN. The second PIN unlocks an interaction menu on the ATM that gives attackers control over the cash dispenser. Another option on the menu allows criminals to uninstall the malware in a way that securely wipes it and makes it hard for forensics teams to later recover it.

While this increase in ATM hacking is thought to stem from an increase in card encryption technology (making it significantly more difficult to steal information through card skimming), another main reason that hackers are targeting ATMs is because many still run on the antiquated Windows XP operating system. This just goes to show that not upgrading away from old operating systems can have dire consequences.

In the case of GreenDispenser, there’s not much for you to do to protect yourself. The victim is the bank or owner of the ATM. But if you do use an ATM, it doesn’t hurt to be aware of security risks. Check to see if the ATM is under surveillance. If it’s pretty obvious that there are security cameras on the ATM, or it’s under regular supervision, there’s a smaller chance it’s been tampered with.

With the release of Windows 10 still fairly recent, your organization doesn’t need to deal with old operating systems anymore. Contact Total Networks today at (602)412-5025 to find out all there is to know about upgrading away from your older Windows models, and ask us about security best practices that can keep your identity and personal information safe while utilizing online services.

Continue Reading →

Posted in: Total Networks Blog

Leave a Comment (0) →

How Much Is Your Identity Worth on the Black Market?

b2ap3_thumbnail_the_dark_web_400.jpgHave you ever wondered what hackers do with all of the data they steal on a regular basis? Sure, they could go public with it like they did with the Ashley Madison and Sony hacks, or they could sell it and make some quick cash. Credentials like passwords, usernames, Social Security numbers, and more, can be sold for top dollar in illegal markets, but how much can your identity go for?

Basically, when your accounts are hacked, criminals will often attempt to sell this information on the Dark Web; a place where only those on the anonymity network, Tor, can access. Most information that’s stolen consists of personal identifiable information and financial data, but hackers will often be content with making off with anything they possibly can. The most common industries targeted by these hackers are healthcare, government, retail, and education, but it should be mentioned that all businesses are susceptible to data theft of any kind.

As a business owner, it’s your job to make sure that this is prevented at all costs. The last thing you want is a hacker stealing your organization’s financial information or your employees’ personal information. Your organization’s information is much more valuable than you might think it is, especially to hackers. They will find value in any data, regardless of what it is. Here are some figures provided by ZDNet as to just how much specific credentials, accounts, and other sensitive information can go for on the Dark Web.

  • Mobile accounts in the United States can be sold for as little as $14 apiece.
  • PayPal and eBay accounts that have a significant amount of transaction history can be sold for around $300 each.
  • Supposedly, Uber accounts are in high demand.
  • Bank account credentials can sell for anywhere between $200 and $500 apiece, depending on how much cash is actually stored in them.
  • As you might guess, credit card information is in high demand. In fact, it’s almost comical how much thought is put into the process of selling a credit card number. According to ZDNet, the price varies drastically depending on supply and demand, as well as whether or not they’ll actually work and how much the buyer can get out of the card before it’s reported and deactivated. Most credit card information is sold in bulk to reduce the unit price.
  • Personally identifiable information is sold at $1 per line of information; in other words, someone could purchase your full legal name, Social Security number, address, date of birth, and more, for the price of a meal at a fast food joint. This is more than enough info to commit identity fraud.
  • Full credit reports can be purchased for $25 apiece. Other documents, like passports and driver’s licenses, can be sold for anywhere between $10 and $35 per document.

So, as you can see, data theft is no joke to hackers, and it shouldn’t be for your business either. The legal ramifications of allowing a large-scale data breach, including the theft of your business’s, employees’, and clients’ information, could result in extremely pricy fines, a loss of credibility, and in the worst-case scenario, the end for your organization. While one individual’s personal information might not have a big price tag, your contact database is a treasure trove to hackers.

The best way to avoid a full-scale hack that results in the theft of a significant amount of personal information is to implement a comprehensive security solution designed to keep threats out and eliminate suspicious activity on your network. A Unified Threat Management (UTM) solution is capable of providing a firewall, antivirus, spam blocking, and content filtering solution that’s designed with the safety of your organization in mind. Give us a call at (602)412-5025 to learn more about how Total Networks can protect your organization from hacking attacks.

Continue Reading →

Posted in: Total Networks Blog

Leave a Comment (0) →

Tip of the Week: View Your Current Google Sessions for Optimal Security

b2ap3_thumbnail_google_sessions_400.jpgLogging into an account only to find out that you’ve been hacked can be a real hassle. If you’re wondering why and how this could have happened, you’re in luck; some accounts, like Google, record when and how the account is accessed, and finding out how is as easy as checking out your security settings. Here’s how you can see who is accessing your account, and how.

The first step is to sign into your Google account. Hopefully, whoever is tampering with your account hasn’t changed your password on you. Click the grid-like icon in the top right corner of the screen that appears right next to your account name. Click on My Account.

google sec ib1

This is the central location of all things related to the settings of your Google account. Click on Sign-in & security.

google sec ib2

Next, you can scroll down to the Device activity & notifications section, or select it in the table of contents that appears in the left sidebar. This will show you which devices were last used to access your account.

google sec ib3

Now, all you have to do is click on Review Devices. This selection shows you what’s going on in your account, including approximate locations for where your account was accessed, the browser they used, and the country. This powerful tool for your Google account security is very simple to use and can effectively help you keep strangers from causing too much trouble.

If you notice that there’s some unsavory activity going on, you should reset your password immediately and set up security notifications that inform you when a hacker or other malicious entity tries to sign into your account. The ability to review devices that are accessing your account gives you the chance to review your account’s security policies and take greater precautions against attacks.

Your Google account also has a ton of other great security features available, with some of the most important ones being two-step verification, recovery options, password resetting, and application settings. Take the time to go through each of these options and optimize your security settings to mitigate the possibility of any future hacking activity.

For more tips on how to keep your online accounts secure, subscribe to Total Networks’s blog.

Continue Reading →

Posted in: Total Networks Blog

Leave a Comment (0) →

Our IT Budget Planning Checklist

Fiscal planning, especially for the unexpected nature of IT, can be a difficult and stressful experience. It can be easy to view your IT outlays as “necessary-evil” expenditures, instead of exciting technology investments. But that’s not the best, or even most cost-effective, way to attack your IT budget. Here’s an abridged Technology Self-Assessment Checklist. Use […]

Continue Reading →

Posted in: Best Practices

Leave a Comment (0) →
Page 1 of 153 12345...»
Facebook Auto Publish Powered By :