ATMs have always attracted the attention of criminals.
To get at the contents of these machines, attackers have resorted (and sometimes still resort) to drastic measures: using power drills, circular saws, blowtorches, explosives and even trying to tow them away with a vehicle. Later, they began using a variety of skimmers – special devices designed to steal the bank card details that an ATM requires.
However, with the introduction of the international standard ‘EMV’ (Europay, MasterCard, VISA), which defines a number of requirements for interaction between a credit card and a payment device, the security of financial transactions made via ATMs has grown significantly. The volume of ATM skimming has dropped noticeably as a result.
Nevertheless, the criminals have not given up: instead of the odd attempt to tackle ATMs with power tools or metal rope, they have begun using specially crafted malware.
They no longer require explosives or a “white plastic” card (a specially prepared card with data from a stolen payment card). All they need do is infect an ATM with a Trojan, allowing them to withdraw all the banknotes from the ATM whenever they want. As well as stealing money, criminals can also disrupt the operation of the machine, and launch a DoS (Denial of Service) attack, which will cause financial losses for the bank that owns the ATM.
Monitoring for safety (Don't compromise security with money)
To protect against threats where cybercriminals use the standard tools installed on ATMs, IT security administrators need to take proactive measures:
• Eliminate the possibility of remote access to the ATM.
• Prevent any critical manipulations of its equipment.
• Use a single tool to monitor and ensure ATM safety.
In our case, this monitoring tool is Kaspersky Security Center, part of Kaspersky Embedded Systems Security. It gathers information on the status of each ATM device and also supports reporting from third-party monitoring tools installed on ATMs. So ATM administrators can analyze the status of each device in Kaspersky Security Center, while at the same time keeping additional “front doors” (Remote Access Tools) shut against attackers.
Safeguarding ATMs; the bottom line
The ATM operating system is a specific counterpart to the traditional workstation OS, with all the accompanying risk.
This means that even if the ATM isn’t subjected to a targeted attack involving a specially developed Trojan, there’s always the risk of being infected with standard desktop malware, which can also disrupt the operation of the machine and result in serious financial losses.
For this reason, Kaspersky Lab’s security solution for embedded systems integrates anti-virus technologies designed to protect not only against ATM-specific threats but also against all forms of malicious software that may occur in the operating system and which could disrupt services.
Financial institutions need to pay more attention to the protection of their cash machines and consider the security of both hardware components and ATM operating systems, as well as the wider network infrastructure.
They can do this by using protection tools that have long been used in corporate networks, as well as specialized security solutions for embedded systems.
However, if an incident does occur, it’s important to react quickly and actively cooperate with law enforcement agencies and companies specializing in IT security.