Story image

Cybercriminals may turn ATM malware into an open source weapon

06 Nov 17

Automatic teller machines (ATMs) may soon be facing more malware attacks as criminals develop better creation tools that others can add to their arsenal.

ATM malware has been on the scene since around 2009 after the Skimer malware was spotted infecting ATMs, allowing attackers to grab victims’ bank account numbers and PINs.

Trend Micro and GMV Secure e-solutions have developed predictions for the future of ATM malware and the companies say there are two main ways it will develop in future: malware creation kits and open source software.

Researchers Juan Jesús León and David Sancho believe that the current malware landscape is made up of two distinct groups.

 Simple malware families for use in network attacks are able to disable security on ATM endpoints after a lengthy setup process. León and Sancho say an ATM infection is just a way to monetise the criminals’ efforts and dispense money.

Complex malware families have physical components or measures to further crime business plans, say León and Sancho. They believe additional features such as switching networks off are able to strip any current protection.

Physical intrusion attacks are also creating tension between cybercriminals as some ‘go rogue’ and start conducting attacks of their own. León and Sancho say there is distrust amongst developers and ‘money mules’ which demands more complex malware.

The researchers believe there are two ways ATM malware will develop in future.

Malware creation kits will allow developers to customise malware for every attack. This could eventually see a criminal marketplace amongst gangs who resell the kits to other criminals.

“This would continue the increasing complexity of physical ATM malware we are currently seeing,” the researchers say.

The second way ATM malware may develop is through the use of open source tools for criminals. The tools would allow hackers to complete their network intrusion process.

“Why open source? We hypothesize that given the simplicity of the tool, that would be a great way for the criminals to hinder further investigation on the machines. Since the tool would be publicly accessible, there would be no more clues left behind in those very sensitive machines,” León and Sancho state.

While they admit these predictions may not eventuate, the current ATM malware landscape is pointing in that direction. They urge all stakeholders should take their predictions into account when protecting their assets in future.

“Don’t say we didn’t warn you,” they conclude.

A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.