Diebold ATMs in Russia targeted with malware

Marcia Savage

Diebold Inc. issued a security update for its Windows-based ATMs after criminals attacked a number of them in Russia and installed malware designed to steal sensitive data.


North Canton, Ohio-based Diebold alerted customers about the break-ins and the security update in January. The attacks, which were isolated to Russia, involved physical access to ATMs and were not a network-level security compromise, the company said in its notice. The suspects in the case have been apprehended, according to Diebold.

Diebold spokeswoman DeAnn Zackeroff said the physical attacks on the machines were very low-tech but that the malware installation indicated that the attackers were highly sophisticated.

She said a number of machines in Russia were attacked, but that Diebold moved quickly to alert its customers and issue the software update.

In a letter to customers, Scott Angelo, Diebold vice president and chief security officer, said the software update is a precautionary measure. "Diebold believes this update will help prevent the attack that was targeted in Russia from occurring at Diebold ATMs in other regions in the future," he said.

In its alert, Diebold noted the risk to the ATMs was "significantly increased" if the Windows administrative password has been compromised, if the hardened version of Windows provided by Diebold isn't used, or if the Sygate/Symantec firewall provided with Diebold Agilis software has been disabled or isn't configured properly. The company advised its customers of security best practices, including changing the default Windows password on its Windows-based ATMs and periodically changing the administrative password.

Vanja Svajcer, a principal virus researcher at UK-based antivirus supplier Sophos Plc., this week discovered the malware that targeted the Diebold ATMs.

In an interview, Graham Cluley, senior technology consultant at Sophos, said the malware appeared to be the first targeting ATMs.

"Obviously, fraudsters have tried to connect devices to ATMs before," he said. "Normally they attach them on the outside of the machine, so there's something for the public to see, but if they install malware onto the machine, there's nothing for the human eye to see."

While Sophos researchers can't test the malware on an ATM, Cluley said it appears that the malware tried to copy an ATM user's card and PIN numbers and then waited until a member of the criminal gang inserted a specially crafted card into the machine. The software would recognize the card and print out the stolen card and PIN numbers onto the paper ATM receipt.

The incident isn't reason for people to panic about using cash machines, Cluley said.

"We only have reports of this occurring in Russia. The hackers needed physical access to the device to install the software," he said.

Plus, the attackers needed inside knowledge of the ATMs, he added. "When we looked at the malware, it was communicating with the ATM machine and sending instructions. They wouldn't have known what instructions to send unless they had inside information about the way the ATM worked," he said.

Still, as more cybercrime is financially driven, the temptation for criminal gangs to hire insiders to help them in these schemes could increase, he said.

"This latest offense against Diebold's ATMs is another example of the growing level of sophistication and aggression involving ATM-related crime," Angelo wrote in the letter to customers. "Security is one of Diebold's absolute priorities and our engineers are working constantly to address emerging ATM security threats."

