On New Year’s Eve, researchers revealed that hackers had been able to physically hack into ATMs throughout Europe, using USB drives. This came as little surprise to those who follow ATM security and understand the inherent weaknesses in the model.
To begin with, a significant percentage of ATMs still run Windows XP, which has already been deemed highly insecure even for individual system use, let alone on ATMs. The chart below shows the current sentiment of ATM owners regarding their migration beyond XP.
[Chart: responses to the survey question “Which statement best identifies your organization’s opinion regarding the future direction of the ATM operating system environment?”]
In other words, much of today’s existing ATM software architecture is still based on Windows XP, leaving it vulnerable to many of the same threats that affect a broad range of other devices. While 20% of survey respondents had already started their upgrade to Windows 7 or 8, a full 53% had not even begun the migration.
Hackers increasingly view ATMs as an easy target for attacks, and a lucrative one at that. During the last 5 years, there have been several incidents involving malware affecting ATMs (including at Bank of America in 2010). Once installed, the malware can affect several aspects of the ATM, such as emulating the host (to approve cash withdrawal requests) and capturing Track1/2 data and PIN codes of credit and debit cards.
As these attacks start to cost banks hundreds of thousands, if not millions, in global, coordinated attacks, financial institutions are asking themselves what they can do to counter such threats. While upgrading to the latest software will help, it is only a matter of time before the attackers begin designing malware for the next generation of operating systems. So what can banks do?
As a first step, banks should look to conduct a full ATM software security audit, to understand their current security posture. This includes:
- Reviewing the ATM network security
- Reviewing their WinXP configurations
- Scanning for malicious code at the XP level
- Reviewing the NDC/DDC application and parameterization tables
- Conducting a code review of personalized routines
- Reviewing the software distribution strategy
Source: 2013 ATM Software Trends and Analysis
Once you have an understanding of your current security posture, continuous monitoring is critical for detecting unauthorized access as quickly and easily as possible, to prevent ongoing losses. This includes:
- Network connection monitoring
- File creation monitoring
- File manipulation activity
- Process usage monitoring
- Malware detection
- Real time reporting
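As an illustration of the file creation and file manipulation items above, the following added example (not part of the original article or of any vendor product) compares a directory against a hashed baseline and reports created, modified and deleted files, listing executable content first. The file names, the extension list and the temporary directory standing in for an ATM software folder are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Assumption: extensions treated as executable content on a Windows-based ATM.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".vbs", ".ps1"}

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(full, root)] = digest.hexdigest()
    return state

def diff(baseline, current):
    """Return created, modified and deleted paths, plus high-priority alerts."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    # New or changed executable content is reported first.
    alerts = [p for p in created + modified
              if os.path.splitext(p)[1].lower() in EXECUTABLE_EXTS]
    return {"created": created, "modified": modified,
            "deleted": deleted, "alerts": alerts}

def demo():
    """Constructed sample: a temp directory stands in for an ATM software folder."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("atmapp.exe", b"approved build")      # constructed file names
        write("screens.cfg", b"lang=en")
        baseline = snapshot(root)
        write("atmapp.exe", b"tampered build")      # file manipulation
        write("helper.dll", b"unexpected library")  # file creation
        os.remove(os.path.join(root, "screens.cfg"))
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be taken from the approved software image and stored off the ATM, so that code running on the terminal cannot rewrite it.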
No system is impenetrable. But as ATMs become a more frequent and lucrative target for attackers, financial institutions need to ensure they are taking the appropriate steps to make sure that cash is literally not leaving the bank through this highly attractive channel.