
Cybercriminals may turn ATM malware into an open source weapon

06 Nov 2017

Automatic teller machines (ATMs) may soon be facing more malware attacks as criminals develop better creation tools that others can add to their arsenal.

ATM malware has been on the scene since around 2009, when the Skimer malware was spotted infecting ATMs, allowing attackers to grab victims’ bank account numbers and PINs.

Trend Micro and GMV Secure e-solutions have developed predictions for the future of ATM malware, and the companies say there are two main ways it will develop in future: malware creation kits and open source software.

Researchers Juan Jesús León and David Sancho believe that the current malware landscape is made up of two distinct groups.

Simple malware families for use in network attacks are able to disable security on ATM endpoints after a lengthy setup process. León and Sancho say an ATM infection is just a way to monetise the criminals’ efforts and dispense money.

Complex malware families have physical components or measures to further crime business plans, say León and Sancho. They believe additional features such as switching networks off are able to strip any current protection.

Physical intrusion attacks are also creating tension between cybercriminals as some ‘go rogue’ and start conducting attacks of their own. León and Sancho say there is distrust amongst developers and ‘money mules’ which demands more complex malware.

The researchers believe there are two ways ATM malware will develop in future.

Malware creation kits will allow developers to customise malware for every attack. This could eventually see a criminal marketplace amongst gangs who resell the kits to other criminals.

“This would continue the increasing complexity of physical ATM malware we are currently seeing,” the researchers say.

The second way ATM malware may develop is through the use of open source tools for criminals. The tools would allow hackers to complete their network intrusion process.

“Why open source? We hypothesize that given the simplicity of the tool, that would be a great way for the criminals to hinder further investigation on the machines. Since the tool would be publicly accessible, there would be no more clues left behind in those very sensitive machines,” León and Sancho state.

While they admit these predictions may not eventuate, the current ATM malware landscape is pointing in that direction. They urge all stakeholders to take their predictions into account when protecting their assets in future.

“Don’t say we didn’t warn you,” they conclude.
