It is a commonly held myth that ATMs are not vulnerable to the kind of malware infections that plague other endpoint systems because they are better isolated, both from the network and from end-user interaction. That isolation does make them harder to infect, but there is ample evidence that determined criminals have overcome these obstacles and succeeded with ATM malware breaches.
ATM Malware Breaches
In 2013, researchers at the annual Chaos Communication Congress in Hamburg reported that attackers had infected cash machines at an unnamed bank by cutting a hole in the machine's casing and loading malware from a USB stick. The attackers covered their tracks by patching the holes, and the bank only learned of the breach when it found the machines had been emptied of cash.
The software did not rely on identifying any customer account or account data. It read off how many notes of each denomination the machine held and let the criminals dispense cash by denomination.
In March 2014, ATM malware dubbed Ploutus came to wide attention. Because the attackers need physical access to the machine, it has been seen primarily on standalone ATMs such as those found in retail stores. Ploutus lets the attackers control the machine and withdraw an unlimited amount of cash. A more recent version can be controlled remotely by text message, which requires the attackers to fit a mobile phone inside the machine.
Not all malware found on ATMs requires physical access to the machine. Some of it arrives through weaknesses in the institution's network security, which the attackers use to plant the malware on the endpoint itself. In 2013, malware called "Dump Memory Grabber" was identified infecting POS terminals and ATMs to steal payment card data. It scans the memory of the ATM for card data, harvesting it from process memory, where the data is handled in the clear while a transaction is processed.
According to the security firm Group-IB, the malware may have been used to steal card data at major US banks, including Chase, Capital One and Citibank. It may be small comfort, but Group-IB believes that "Dump Memory Grabber" was being spread by insiders who had authorized access to the targeted endpoints.
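The memory-scraping technique attributed above to "Dump Memory Grabber" is easy to turn around into a defensive check: dump the memory of your own ATM or POS application and confirm no cleartext magnetic-stripe data can be found in it. The script below is an added example, not code from the original article or from Group-IB's research. It walks a byte buffer looking for Track 2 records in the standard ISO/IEC 7813 layout and keeps only those whose PAN passes the Luhn checksum, which is how scrapers separate real card data from random digit runs. The memory image it scans is constructed inline; the card numbers in it are well-known test PANs, not real accounts.

```python
"""Scan a memory image for cleartext magnetic-stripe Track 2 data.

Added example (not the article's or Group-IB's code).  Use it as a
defensive check: dump your own ATM/POS application's memory (for example
with a tool such as procdump) and confirm nothing is reported.
All sample data is constructed; the PANs are public test numbers.
"""
import re

# Track 2 layout: ';' PAN(13-19 digits) '=' YYMM(4) service code(3)
# discretionary data '?' .  Bytes regex, so \d matches ASCII digits only.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([0-9]*)\?")


def luhn_ok(pan: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_track2(memory: bytes):
    """Yield (offset, pan, expiry) for each Luhn-valid Track 2 record."""
    for m in TRACK2_RE.finditer(memory):
        pan = m.group(1).decode()
        if luhn_ok(pan):        # drop decoys and corrupted records
            yield m.start(), pan, m.group(2).decode()


def mask_pan(pan: str) -> str:
    """Keep the first 6 and last 4 digits, the usual truncated display form."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def sample_dump() -> bytes:
    """Constructed memory image: heap noise, two valid records, one decoy."""
    return (
        b"\x00" * 32 + b"ATMAPP.EXE heap "
        + b";4111111111111111=25121011234567890?"   # valid Visa test PAN
        + b"\xff" * 16
        + b";4111111111111112=25121011234567890?"   # fails Luhn: decoy
        + b"\x00" * 8
        + b";5500000000000004=2608201123456?"        # valid Mastercard test PAN
        + b"\x00" * 32
    )


def scan_report(memory: bytes) -> list:
    """Return [(offset, masked PAN, expiry), ...] for every valid record found."""
    return [(off, mask_pan(pan), exp) for off, pan, exp in find_track2(memory)]


if __name__ == "__main__":
    for off, pan, exp in scan_report(sample_dump()):
        print(f"offset 0x{off:x}: PAN {pan} expiry {exp}")
```

On a real dump, any hit at all is the finding: the goal of the application-side hardening the rest of this article argues for is that a scraper running on the same machine sees nothing it can use, so the same scan against your own process should come back empty.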
How are ATMs Vulnerable?
While organizations try to isolate ATMs from the rest of their network and restrict what can be reached through the user interface, an ATM is simply an endpoint computer not much different from a common desktop. In fact, most ATMs run the Windows operating system, the favorite target platform of hackers and fraudsters.
When Microsoft ended security updates for Windows XP in April 2014, most ATMs were still running that venerable OS, first released in 2001. Unsupported operating systems are a prime target for attackers, since newly discovered vulnerabilities are never patched.
No matter how secure you think your ATM is, attackers have shown that they can defeat any conventional approach. As the examples above indicate, attackers can infect your ATM with malware by:
- Compromising Network Security
- Enlisting conspirators inside your organization
- Physically compromising the machine
Secure Your ATM Software, Not Just Your ATM Machine
The safest assumption in ATM security is that detection will fail. Your application must be able to operate safely in an environment that is already infected. That is why Comodo created a unique solution called SecureBox.
Comodo SecureBox is not endpoint protection. It is a fortress in which your application software can run safely and communicate securely on a compromised machine. Like a medieval castle, it provides safe harbor in an increasingly hostile landscape.
Learn more about SecureBox