Earlier this month it came to light that ATM malware was being used to extort large quantities of cash from banks. Now, Krebs on Security reports that such techniques are on the rise—and here to stay, too.
Krebs has spoken to Owen Wild, an expert at ATM producer NCR, to work out what the future of malware attacks at cash points looks like. Here are a few choice cuts from the interview about the worrying new trend.
On which machines are affected...
"The trend toward these new forms of software-based attacks is occurring industry-wide. It's occurring on ATMs from every manufacturer, multiple model lines..."
On why this is a major problem...
"You don't have to be an ATM expert or have inside knowledge to generate or code malware for ATMs. Which is what makes the deployment of preventative measures so important. What we're faced with as an industry is a combination of vulnerability on aging ATMs that were built and designed at a point where the threats and risk were not as great."
On how manufacturers can prevent it from happening...
"[Y]ou lock down the BIOS of the ATM to eliminate its capability to boot from USB or CD drive, that gets you about as far as you can go. In high risk areas, these are the sorts of steps that can be taken to reduce risks."
Which is all... a little terrifying. The entire interview is very interesting, though—go read it in full. [Krebs on Security]
Top image by Catatronic under Creative Commons license