Old ATMs lack defences against malware attack

Old ATM infrastructure rather than use of high-tech skimming devices or targetting end-of-life XP operating systems is blamed for the recent spike in malicious software targeting ATMS according to a blog report by security expert Brian Krebs. Owen Wild, global marketing director security compliance solutions at ATM manufacturer NCR, whose ATMs were raided in a recent US$ 1 million malware-led heist in Malaysia, told Krebs, “It's occurring on ATMS from every manufacturer, multiple model lines and is not something endemic to NCR ATMs,” but conceded the NCR Persona ATM models attacked were at least seven years old –  and are used by half its installed base.

Wild added that stand-alone machines were a risk factor (allowing time to gain physical access for CD Rom and USB boots), whereas use of Windows XP was not a major factor as operating systems were being bypassed or manipulated with the software. Two main ways of ‘jackpotting' the ATM were cited. First are black box attacks – attaching an electronic device to bypass the ATM processing infrastructure and send an unauthorised dispense code to the ATM. Second and growing, is introduction of malware into older machines which have fewer protective mechanisms. “You don't have to be an ATM expert or have inside knowledge to generate or code malware for ATMs,” commented Wild.