
Cybercriminals may turn ATM malware into an open source weapon

06 Nov 2017

Automatic teller machines (ATMs) may soon be facing more malware attacks as criminals develop better creation tools that others can add to their arsenal.

ATM malware has been on the scene since around 2009, when the Skimer malware was spotted infecting ATMs, allowing attackers to grab victims’ bank account numbers and PINs.

Trend Micro and GMV Secure e-solutions have developed predictions for the future of ATM malware and the companies say there are two main ways it will develop in future: malware creation kits and open source software.

Researchers Juan Jesús León and David Sancho believe that the current malware landscape is made up of two distinct groups.

Simple malware families for use in network attacks are able to disable security on ATM endpoints after a lengthy setup process. León and Sancho say an ATM infection is just a way to monetise the criminals’ efforts and dispense money.

Complex malware families have physical components or measures to further crime business plans, say León and Sancho. They believe additional features such as switching networks off are able to strip any current protection.

Physical intrusion attacks are also creating tension between cybercriminals as some ‘go rogue’ and start conducting attacks of their own. León and Sancho say there is distrust amongst developers and ‘money mules’ which demands more complex malware.

The researchers believe there are two ways ATM malware will develop in future.

Malware creation kits will allow developers to customise malware for every attack. This could eventually see a criminal marketplace amongst gangs who resell the kits to other criminals.

“This would continue the increasing complexity of physical ATM malware we are currently seeing,” the researchers say.

The second way ATM malware may develop is through the use of open source tools for criminals. The tools would allow hackers to complete their network intrusion process.

“Why open source? We hypothesize that given the simplicity of the tool, that would be a great way for the criminals to hinder further investigation on the machines. Since the tool would be publicly accessible, there would be no more clues left behind in those very sensitive machines,” León and Sancho state.

While they admit these predictions may not eventuate, they say the current ATM malware landscape is pointing in that direction. They urge all stakeholders to take their predictions into account when protecting their assets in future.

“Don’t say we didn’t warn you,” they conclude.
