For some ATM thieves, swiping card data involves too much patience — they’d rather just take the money and run. The US Secret Service has warned ATM makers Diebold Nixdorf and NCR that “jackpotting” hacks, where crooks force machine to cough up large sums of cash, have reached the US after years of creating problems in Asia, Europe and Mexico. The attacks have focused largely on Diebold’s front-loading Opteva ATMs in stand-alone locations, such as retail stores and drive-thrus, and have relied on an combination of malware and hardware to pull off heists. In previous attacks, the thieves disguised themselves as technicians to avoid drawing attention. After that, they hooked up a laptop with a mirror image of the ATM’s operating system and malware (Diebold also mentioned replacing the hard drive outright). Security researcher Brian Krebs understands American ATMs have been hit with Ploutus.D, a variant of “jackpotting” malware that first launched in 2013. The mirror image needs to be paired with the ATM to work, but that’s not as difficult as you might think — the intruders used endoscopes to find and press the necessary reset button inside the machine. Once done, they attached keyboards and used activation codes to clean out ATMs within a matter of minutes. NCR hasn’t been explicitly targeted in these attacks, but it warned that this was an “industry-wide issue” and urged caution from companies using its ATMs. It’s definitely possible to thwart attacks like this. The Secret Service warned that ATMs still using Windows XP were particularly easy targets, and that updating to Windows 7 (let alone Windows 10) would protect against these specific attacks. Diebold also recommended updating to newer firmware and using the most secure configurations possible. And both organizations recommended physical security changes, such as using rear-loading ATMs, locking down physical access and closely watching for suspicious activity like opening the machine’s top. The catch, of course, is that ATM operators either haven’t been diligent or may have a hard time justifying the updates. It’s telling that victim machines have been running XP, a 16-year-old platform whose official support ended in 2014 — the odds aren’t high that companies will keep their ATMs up to date, let alone replace them with more secure models or institute advanced defenses. You may not see a widespread attempt to combat jackpotting in the US until the problem becomes too large to ignore. Via: Reuters Source: Krebs on Security
Continue reading here:
ATM ‘jackpotting’ hacks reach the US
An anonymous reader shares a report from the International Energy Agency: The number of electric cars on the roads around the world rose to 2 million in 2016, following a year of strong growth in 2015, according to the latest edition of the International Energy Agency’s Global EV Outlook. China remained the largest market in 2016, accounting for more than 40% of the electric cars sold in the world. With more than 200 million electric two-wheelers and more than 300, 000 electric buses, China is by far the global leader in the electrification of transport. China, the US and Europe made up the three main markets, totaling over 90% of all EVs sold around the world. Electric car deployment in some markets is swift. In Norway, electric cars had a 29% market share last year, the highest globally, followed by the Netherlands with 6.4%, and Sweden with 3.4%. The electric car market is set to transition from early deployment to mass market adoption over the next decade or so. Between 9 and 20 million electric car could be deployed by 2020, and between 40 and 70 million by 2025, according to estimates based on recent statement from carmakers. Read more of this story at Slashdot. 