In 1967 the ATM was born, and the cash-dispensing revolution began. Although ATM usage spread most widely within the U.S. in the 1980s, it took off in Europe by the beginning of the 1970s. Also turning 50 soon is one of the first thefts from an ATM: the Smithsonian reminds us that proto-hackers in Sweden stole an ATM token in 1968.
This is not to say that today's ATMs are the same as the original 1967 prototype; many advances have been made in structure and design. But one question keeps recurring: can current ATMs keep up with the latest malware?
Getting Inside of an ATM
As Securelist points out, the process of stealing money from ATMs using malware consists of four stages:
- Local/remote access to the machine
- Malicious code is injected into the ATM system
- Infection is followed by rebooting of ATM
- The final stage is theft
And, as Catalin Campo notes, ATM malware can fall into one of two categories, or both: ATM malware that lies hidden and collects payment card data, logs it, and sends it to crooks; and malware that allows attackers to send real-time commands to the ATM.
In 2015, Proofpoint discovered a new breed of ATM malware, which it dubbed “GreenDispenser”. As Thoufique Haq at Proofpoint summarized:
“GreenDispenser provides an attacker the ability to walk up to an infected ATM and drain its cash vault. When installed, GreenDispenser may display an ‘out of service’ message on the ATM -- but attackers who enter the correct pin codes can then drain the ATM’s cash vault and erase GreenDispenser using a deep delete process, leaving little if any trace of how the ATM was robbed.”
This stealthy methodology is sweeping ATMs across the world, leaving no trace of its attack. The malware's author tries to reduce the chance of detection by having the malware delete itself before it is detected. Most recently, ATMs in Europe were infected with malware after attackers exploited the banks' internal networks, navigated virtually to the cash machines, and pushed malicious updates.
Why Real-Time Security Detection Matters
Real-time detection and remediation can mean the difference between a security incident and a loss of protected information leading to devastating financial repercussions.
Real-time detection also allows organizations to avoid public embarrassment, customer defection, and other side effects of a highly publicized breach.
As previously noted in six signs of a data breach in progress, how quickly you respond to emerging issues within your security layers could cost millions of dollars. But will those dollars dwindle, given that many believe ATMs to be archaic?
CNN 2015 figures from the U.S. show that cash was used in 32% of all transactions, the highest of any payment method. Though the increase in online and mobile banking could alter the amount of cash needed within certain industries, the fact remains: malware detection and prevention are still needed.
Meet FFIEC Requirements and Stay Secure
Today’s IT networks do not consist solely of a few servers, but rather of a complex web of systems, applications, and devices that must function properly at all times.
Changes in the IT environment can have devastating consequences and can signal malicious activity or a data breach. That’s why detecting changes and being able to respond to them quickly is a critical component of a solid IT security program.
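The change detection described above, as an added example (not part of the original article and not CimTrak's code): it hashes a directory, compares successive snapshots, and shows that a file which is dropped and later erased is recorded only if a snapshot is taken while it exists. The directory, file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff(before, after):
    """Return sorted (event, path) pairs describing how 'after' differs from 'before'."""
    events = [("added", p) for p in after.keys() - before.keys()]
    events += [("removed", p) for p in before.keys() - after.keys()]
    events += [("modified", p) for p in before.keys() & after.keys() if before[p] != after[p]]
    return sorted(events)

def transient_files(event_log):
    """Paths that were added and later removed: the footprint of a self-deleting file."""
    added, transient = set(), []
    for event, path in event_log:
        if event == "added":
            added.add(path)
        elif event == "removed" and path in added:
            transient.append(path)
    return transient

def demo():
    """Constructed scenario: a file appears, a config changes, then the file is erased."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "dispenser.cfg")    # constructed file name
        dropped = os.path.join(root, "update.bin")   # constructed file name
        with open(cfg, "w") as fh:
            fh.write("mode=normal\n")
        baseline = snapshot(root)
        with open(dropped, "wb") as fh:              # unexpected file arrives
            fh.write(b"constructed placeholder bytes")
        with open(cfg, "w") as fh:                   # existing file is altered
            fh.write("mode=out-of-service\n")
        during = snapshot(root)
        os.remove(dropped)                           # file erases its own footprint
        after = snapshot(root)
    continuous = diff(baseline, during) + diff(during, after)  # frequent snapshots
    one_shot = diff(baseline, after)                           # single late check
    return continuous, one_shot, transient_files(continuous)
```

The single late comparison reports only the modified configuration file, while the frequent snapshots also log the file that appeared and vanished, which is why the interval between checks matters against self-deleting malware.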
CimTrak is an integrity and compliance tool that helps financial institutions of all sizes ensure the confidentiality, integrity, and availability of critical IT systems and data. Based on cutting-edge file integrity monitoring, CimTrak allows users to go beyond simply monitoring files for changes to ensure the overall security of the entire IT environment.
March 14, 2017