
Cybercriminals may turn ATM malware into an open source weapon

06 Nov 2017

Automatic teller machines (ATMs) may soon be facing more malware attacks as criminals develop better creation tools that others can add to their arsenal.

ATM malware has been on the scene since around 2009 after the Skimer malware was spotted infecting ATMs, allowing attackers to grab victims’ bank account numbers and PINs.

Trend Micro and GMV Secure e-Solutions have published predictions for the future of ATM malware, and the companies say there are two main ways it will develop: malware creation kits and open source software.

Researchers Juan Jesús León and David Sancho believe that the current malware landscape is made up of two distinct groups.

Simple malware families are used in network attacks, where the attackers disable security on the ATM endpoints only after a lengthy setup process inside the bank's network. León and Sancho say that in these cases the ATM infection itself is just the final step that monetises the criminals' efforts by dispensing cash.

Complex malware families are used in attacks with a physical component and carry extra measures to support the criminals' business plans, say León and Sancho. Additional features, such as switching the network off, are able to strip away whatever protection is still in place.

Physical intrusion attacks are also creating tension among cybercriminals, as some 'go rogue' and start conducting attacks of their own. León and Sancho say there is distrust between the malware developers and the 'money mules' who operate the machines, and that this distrust demands more complex malware.

The researchers believe there are two ways ATM malware will develop in future.

Malware creation kits would allow developers to customise malware for every attack. This could eventually lead to a criminal marketplace in which gangs resell the kits to other criminals.

“This would continue the increasing complexity of physical ATM malware we are currently seeing,” the researchers say.

The second way ATM malware may develop is through open source tools for criminals. Such tools would allow attackers to complete the final stage of their network intrusion without custom malware.

“Why open source? We hypothesize that given the simplicity of the tool, that would be a great way for the criminals to hinder further investigation on the machines. Since the tool would be publicly accessible, there would be no more clues left behind in those very sensitive machines,” León and Sancho state.

While they admit these predictions may not eventuate, the current ATM malware landscape is pointing in that direction. They urge all stakeholders to take these predictions into account when protecting their assets in future.

“Don’t say we didn’t warn you,” they conclude.
