ATM malware is nothing new. The first such program that targeted ATMs specifically was discovered in 2009, and criminals and banking security professionals are engaged in a constant arms race as technology advances and hackers find new vulnerabilities that must be dealt with.
However, until recently, most ATM malware attacks tended to have one thing in common – they needed a physical connection with a specific machine. This typically involves removing the ATM’s fascia to reach its inner workings so that the attacker can load malware directly from a CD or USB stick. While effective, this carries risk for the criminal: it takes time and often requires force to get into the system, which makes physical and camera security a useful deterrent and limits the scheme to more isolated ATMs.
But in response to these drawbacks, as well as to improving ATM security measures, hackers appear to be developing new ways of accessing ATMs that avoid them, and network-based malware attacks that do not require physical access are increasing.
New report warns of network-based risks
A recent report published by Europol and Trend Micro has highlighted the growing threat of network-based ATM malware attacks. The report observed that as the complexity of malware has evolved significantly in recent years, the size and scope of these attacks are increasing – and banks that may have believed themselves safe from such intrusions will have to think again.
Network-based attacks do require a higher level of both skill and patience compared with physical malware injections, with the main challenge lying in accessing the ATM network from the bank’s main network.
“In a well-planned network architecture, these two should be separated and accessing one from the other should involve bypassing firewalls and possibly other security elements,” the report stated. “Sadly, some banks do not have this network separation.”
However, even if such segregation exists, there have been recorded instances of criminals intruding so deeply into banks’ networks they can overcome these protections. The report noted that in the past, “banks might have thought that network segregation was enough to keep their ATM networks safe from cyber crooks”. However, recent incidents from around the world have proved that this is no longer the case.
What can customers do?
While these trends seem to point to a depressing outlook, it is critical to point out that these attacks can largely be prevented. ATM operators need to take a very strategic look at their ATM security. Deploying layered solutions that protect the network, the ATM software and stack, and the operating systems can effectively prevent malware from being loaded onto an ATM.