ATMs Hijacked by Malware

In response to research by Kaspersky which states that ATMs can easily be hacked by cyber criminals, Mark James, Security Specialist at ESET commented below:

Why are many banks still using old models of ATMS, which lack in security?

“There may be many reasons for still using the older insecure models but one of the biggest will almost certainly be cost; the sheer amount of money involved in purchasing, configuring, installing the new models and of course disposing of the old ones will be enormous. Banks will probably perceive the small risk of attack and those costs compared to replacing all the current models and weigh up the pros and cons. I would imagine the old saying of “if it ain’t broke don’t fix it” will be a big factor here. The newer models will of course be filtered in to replace broken or units earmarked to be renewed but it’s quite a task to just remove and replace perfectly working ATM’s.”

Is ATM hacking becoming more appealing to hackers than online fraud?

“Hackers are looking for as many ways as possible to make money. Internet banking fraud is a great opportunity for the cyber criminals but I am sure the actual feeling of holding cold, hard cash, that unlike digital currency, can be used anywhere will be very appealing. It’s all about looking for as many opportunities as possible, if you sow enough seeds you will get flowers eventually.”

What should banks do to reduce the risks?

“Of course the most important things that can be done right now is making sure the software used on these units is up to date and patched as thoroughly as possible. Any and all software needs to be vetted and where possible replaced with current versions and close attention paid to known exploits in both software and hardware (firmware). Access to both physical and remote needs should be monitored and regularly reviewed to see if it can be compromised or spoofed and any findings should be actioned with speed and urgency.”