By: David Sancho, Senior Threat Researcher at Trend Micro and Juan Jesús León, Product and New Development Manager of GMV Secure e-Solutions
Trend Micro and GMV, an industry expert on ATM security, presented last week in London at ATMSec, a conference focused on the topic. Our presentation covered a forward-looking subject: “The future of ATM malware.” On other occasions, we had talked about how ATM malware has been evolving over time. This time around, though, we hypothesized how this kind of malware may evolve in the mid-term.
Juan Jesús León and David Sancho created a model of the current ATM malware landscape based on how each of the families we know about is able to attack.
They then clustered them into two main groups with clearly defined features:
In summary, since ATM attacks coming from the network have more opportunities to disable security on the ATM endpoints, the malware or tools used were simple in nature. The reason is that those attacks had already overcome quite a few hurdles to arrive at their final setup, so the actual ATM infection was merely a way to monetize all the criminals’ previous intrusion efforts: these tools were just a means to tell the ATM to dispense money.
On the other hand, physical intrusion usually requires that the machine be unprotected in order for the attack to be effective. If this is not the case, the malware usually has additional capabilities, like turning off the network or other advanced features. On top of this, the criminals implement measures to prevent individual members of the criminal gang from going rogue and victimizing more ATMs on their own. This lack of trust between developers and money mules necessitates more complex malware and additional features besides simply dispensing cash.
What can we expect in the future in this burgeoning malware field? GMV and Trend Micro put forth two possibilities:
These two predictions may or may not come to pass, but they do make sense given the current state of the ATM malware landscape. GMV and Trend Micro have put a lot of thought into these predictions and, given the shared experience of both companies in the field, we believe stakeholders in these projects should take them into account when protecting these environments. Don’t say we didn’t warn you.