Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

ATM malware spreading around the world

The software could become even more dangerous if engineered to behave like a network worm

Cash machines around the world are hosting malware that can harvest a person's card details for use in fraud, a situation that could worsen as the malware becomes more sophisticated, according to a security researcher.

Analysts at Trustwave's SpiderLabs research group were surprised earlier this year when it obtained the ATM malware sample from a financial institution in Eastern Europe, said Andrew Henwood, vice president of SpiderLabs's Europe, Middle East and Africa operation. Trustwave does forensic investigations for major credit card companies and financial institutions as well as penetration tests.

"It's the first time we have come across malware of this type," Henwood said.

The malware records the magnetic stripe information on the back of a card as well as the PIN (personal identification number). That data can be printed out on the ATM's receipt roll when a special master card is inserted to the ATM that launches a user interface. It can also be recorded on the magnetic stripe of that master control card.

"We were surprised at the level of sophistication," Henwood said. "It does make us generally pretty nervous."

Most ATMs run security software, but financial institutions haven't focused on their security as much as other systems, Henwood said.

"ATMs were kind of an afterthought and were considered to be fairly stable," Henwood said. "I'd say there's not been enough focus in the past on ATM infrastructure."

Those who wrote the malware have detailed knowledge about how ATMs work, Henwood said. The sample they tested ran on ATMs using Microsoft's Windows XP operating system.

The sample did not have networking capabilities, but that may be a natural evolution. That's particularly dangerous since most ATM machines in developed countries are networked. The danger is that the malware could be engineered into a worm that, once on one ATM, spreads through all ATMs on a network, Henwood said.

To install the malware, a person would need access to inside of the ATM or a port in which software could be uploaded. That means insiders could be involved, or cybercriminals have picked a lock on an ATM in order to install the software, Henwood said.

SpiderLabs has received information that similar malware has been found on ATMs now outside of Eastern Europe, Henwood said. Since then, the lab has provided detailed information on the malware to financial institutions and law enforcement, he said.

In March, security vendor Sophos found it had captured three ATM malware samples customized to target machines made by Diebold, around the same time SpiderLabs saw its first sample.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: e-Security, Microsoft, Sophos
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: ATM, malware, security
Latest Blog Posts
Whitepapers
  • Award-winning unified information security from Clearswift.
    Fully integrated web and email gateway security solution, providing - protection from inbound threats, policy based encryption, and data loss prevention.
    Learn more »
  • Maximise Software Cost Savings by License Reharvesting, Recycling & Applying Product Use Rights
    Software asset management (SAM) is a complex process that enables organisations to gain control of their software estate from both a license compliance and financial standpoint. In many organisations, SAM represents one of the few remaining ways that substantial IT savings can be realised. McKinsey and Sand-Hill Group estimate that 30% or more of IT budgets are consumed by software license and maintenance costs. By optimising the SAM process, organisations can maximise software utilisation, reduce the risk of non-compliance (audits, fees, penalties), and reduce overall IT costs by as much as 5 to 10% per year. Read on.
    Learn more »
  • Leveraging the Service Catalog to Scale Your MSP Business
    When assessing an MSP’s maturity and prospects, one question provides more insights than any other: “What’s in your service catalog?” A well-defined service catalog can set the framework for growth. The lack of a service catalog can significantly impede an MSP’s ability to scale. This paper explores why the service catalog is so vital, and provides some practical guidelines MSPs can apply in order to ensure their service catalog provides maximum utility and benefit.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments