Story image

Cybercriminals may turn ATM malware into an open source weapon

06 Nov 17

Automatic teller machines (ATMs) may soon be facing more malware attacks as criminals develop better creation tools that others can add to their arsenal.

ATM malware has been on the scene since around 2009 after the Skimer malware was spotted infecting ATMs, allowing attackers to grab victims’ bank account numbers and PINs.

Trend Micro and GMV Secure e-solutions have developed predictions for the future of ATM malware and the companies say there are two main ways it will develop in future: malware creation kits and open source software.

Researchers Juan Jesús León and David Sancho believe that the current malware landscape is made up of two distinct groups.

 Simple malware families for use in network attacks are able to disable security on ATM endpoints after a lengthy setup process. León and Sancho say an ATM infection is just a way to monetise the criminals’ efforts and dispense money.

Complex malware families have physical components or measures to further crime business plans, say León and Sancho. They believe additional features such as switching networks off are able to strip any current protection.

Physical intrusion attacks are also creating tension between cybercriminals as some ‘go rogue’ and start conducting attacks of their own. León and Sancho say there is distrust amongst developers and ‘money mules’ which demands more complex malware.

The researchers believe there are two ways ATM malware will develop in future.

Malware creation kits will allow developers to customise malware for every attack. This could eventually see a criminal marketplace amongst gangs who resell the kits to other criminals.

“This would continue the increasing complexity of physical ATM malware we are currently seeing,” the researchers say.

The second way ATM malware may develop is through the use of open source tools for criminals. The tools would allow hackers to complete their network intrusion process.

“Why open source? We hypothesize that given the simplicity of the tool, that would be a great way for the criminals to hinder further investigation on the machines. Since the tool would be publicly accessible, there would be no more clues left behind in those very sensitive machines,” León and Sancho state.

While they admit these predictions may not eventuate, the current ATM malware landscape is pointing in that direction. They urge all stakeholders should take their predictions into account when protecting their assets in future.

“Don’t say we didn’t warn you,” they conclude.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Bitdefender announces security integration with Kaseya
The new partnership will allow VSA by Kaseya’s cloud and on-premises users to deploy and manage security with Bitdefender Cloud Security for MSPs.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.