• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Financial Services   »   Attack The Machines: The lucrative business of ATM malware

Attack The Machines: The lucrative business of ATM malware

  • Posted on:September 26, 2017
  • Posted in:Financial Services, Malware, Security
  • Posted by:
    Ed Cabrera (Chief Cybersecurity Officer)
0

Trend Micro and Europol’s European Cybercrime Centre (EC3) today released a publicly available report on the ATM malware landscape. This builds on the 2016 report that was privately released to financial institutions and law enforcement agencies globally. The report digs into the depth and breadth of malware targeting ATMs, as well as the perpetrators behind the attacks.

Growth and Innovation of ATMs

Globally we’ve seen a steady growth of ATMs that is predicted to increase to 4 million by 2021, however in the United States we’ve seen only nominal growth probably due to several things including EMV migration. Well that trend appears to be shifting.

 

According to new analysis by the ATM Industry Association (ATMIA), we’ve reached a new milestone – there are now between 475,000 and 500,000 ATMs operating in the U.S.

ATM innovation around new capabilities and services is growing, as well. This will have a direct impact on brick-and-mortar banks. The result will be fewer and smaller branches using more and more capable ATMs. The machines already offer person-to-person (P2P) money transfer capabilities that provide advantages including increased availability of cash, lower transaction costs, accessibility across currencies, and buying and selling crypto-currencies. According to Coin ATM Radar, there are nearly 1,600 Bitcoin ATMs globally.

In the future we’ll see cardless cash transactions enabled by Near Field Communication (NFC), Bluetooth and iBeacon-enabled mobile phones. Additionally, we’ll have application-based services that are more personal and customizable. However, greater connectivity and app driven services also introduces greater risk. It is critical that similar innovation occurs around the physical and network security of ATMs to keep ahead of the risk evolution.

Physical vs Network

Physical and network-based malware attacks on ATMs are on the rise. In the physical attack section of the report, our researchers break down the common denominator of many ATM malware – the XFS (extensions for financial services) middleware. Middleware providers use the XFS standard to create client-server architecture for financial applications on Microsoft Windows platforms. Financial applications through the XFS manager using XFS APIs communicate with peripherals such as PIN pads, cash dispensers, and receipt printers. This middleware is the connective tissue within many ATMs regardless of make, model or vendor. Exploiting the universality of XFS to “jackpot” ATMs equates to a huge ROI for malware developers as they can conduct one to many campaigns.

In the network-based attack section our researchers analyze recent noteworthy attacks. In July 2016, Eastern European cybercriminals used malware to withdraw 2.5 million in cash from 41 ATMS in three cities in Taiwan. Others are also described in the report such as Cobalt Strike, Anunak/Carbanak, Ripper and ATMitch. All these attacks and campaigns highlight the systemic vulnerability of insecure corporate networks that ultimately serve as the gateways to exploiting global ATM infrastructure.

Securing ATMs 

Mitigating the risks posed by ATMs to banks and consumers is a significant task. Here are a few tips to help security administrators in financial organizations get started.

  • Keep your operating system, software stack and security configuration up to date
  • Apply timely patches to corporate network infrastructure and ATMs
  • Use whitelisting technology to protect your environment because most machines are “fixed function devices”
  • Introduce intrusion prevention and Breach detection mechanisms to identify malicious system behavior to protect ATMs during operation
  • Ensure real-time monitoring of security relevant hardware and software events
  • Deploy and actively use anti-malware solutions on technician’s notebooks and USB devices
  • Train service technicians to handle USB removable media devices with due care

For financial institutions and law enforcement agencies interested in detecting ATM malware and protecting against it, we once again have a private version of the paper. To request a copy, please email publicrelations@trendmicro.com.

Related posts:

  1. Malware’s Newest Leading Lady: Alice
  2. Trend Micro discovers Alice malware. What is malware and how can it damage businesses?
  3. Hackers cash in on ATM malware
  4. ATM Users May Soon Face More Malware

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Trend Micro Offerings Are FedRAMP Authorized and Available on AWS
  • Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G
  • Trend Micro Receives 5-Star Rating in 2021 CRN® Partner Program Guide
  • Smart Factory Cyber Attacks Knock Out Production for Days
  • Eliminate Hesitations: Security Simplified For Those Building In The Cloud
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.