
Malware’s Newest Leading Lady: Alice

  • Posted on: December 20, 2016
  • Posted in: Business, Financial Services, Malware, Security
  • Posted by: Ed Cabrera (Chief Cybersecurity Officer)

This week, threat researchers from our Forward-Looking Threat Research Team (FTR) discovered a new family of ATM malware called Alice. Unlike other ATM malware families, Alice’s main focus is to empty the safe of ATMs. Alice does not steal information; it only enables users with physical access to machines to steal as much money as is available in the ATM.

ATM attacks are nothing new: cybercriminal gangs have been attacking ATMs since the 1990s. However, the scope and scale of these attacks are a growing challenge. Attacks on financial payment systems are constantly evolving, from attacks on interbank transfer systems such as SWIFT to the tried-and-true attacks on ATMs like the ones we have seen recently in Thailand, Taiwan and the UK.

Today there are well over 3 million ATMs around the world, with a new one added approximately every five minutes. Even with the growth of alternative payment systems, ATM usage is here to stay. According to Retail Banking Research (RBR), the U.S. currently has 432,000 ATMs, along with around 110,000 bank branches, and these ATMs delivered 5.6 billion cash withdrawals totaling $691 billion, up 4 percent from $666 billion in the previous year. Financial institutions continue to innovate to provide additional services and reduce the costs of brick-and-mortar branches; however, this could come at a greater cost by making them bigger targets for criminals. After all, as famous bank robber Willie Sutton allegedly said on why he robs banks, “Because that’s where the money is.”

For the better part of a decade, the largest threat to ATMs has been skimming operations, where track (account) data and PINs were captured via homemade in-line skimmers with either fake pad overlays or even hidden cameras. Only in the last few years have we seen the accelerated development and usage of ATM malware, which enables additional opportunities for cybercriminals to compromise ATMs globally.

ATM malware has been around since 2007. Over the past nine years we have tracked and analyzed eight unique families, and the bulk of those families were discovered in the last 3 years. This type of increase in malware development usually coincides with a similar increase in attacks. Recent ATM attacks in Russia, Spain and the United Kingdom are even more ominous, as early reports show these ATMs were attacked remotely. Although Alice looks to be written for money mules who have physical access to machines, our researchers show that Alice could be used via RDP; however, we have no evidence yet of remote usage.

The Alice ATM malware family was first discovered by Trend Micro in November 2016 as a result of an ongoing joint research project and partnership on ATM malware with Europol EC3. This incredibly valuable research highlights the power of private-public partnership. Only by working together can we collectively begin to lower the global risk posed by these attacks.
