ATM

Breaking news? Sophos uncovers malware targeting ATMs!

Sophos just shared news on malware targeting ATM systems.

This is a new type of highly targeted attack - where the attacker targets something very specific. I have warned about such things before, mainly attacks targeting single corporations for ransom or information theft. The challenge with these kinds of attacks is that they usually drop below the radar of typical AV tools - especially the signature-based ones.

To me, it is totally natural to attack ATMs. After all, that is where the money is! The malware in use skimmed the CC numbers and sent them to the attacker.

ATM attacks traditionally involved HW attacks - like skimming devices and PIN code collectors. It is a natural development that they move to software residing on the ATM itself. One of many challenges is to protect against this type of attack - and to discover it.

How will we protect ourselves? AV on the ATM? Pentesting the ATM? I would think a mixture of hardening the OS - including a signature-based mirror, so that alterations would be detected, reported and require authentication - would be important. Further, I expect some sort of network monitoring, allowing ONLY authorized traffic to whitelisted targets (i.e. the bank system), would help too. After all, the malware needs to communicate, and by shutting off any and all traffic that is not directly related to the transaction, the malware is not able to communicate with its owner.

This kind of scenario of closing down everything is fully doable in an ATM network, as the ATM itself only requires a small amount of traffic and communication, unlike your desktop computer. So monitoring and controlling this traffic would be easy, and would not even introduce lag.
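The allowlist-only monitoring described above can be sketched as a check over flow records. This is an added example, not part of the original post; the record format, the addresses (documentation ranges) and the single allowed destination are all constructed assumptions.

```python
import ipaddress

# Assumed allowlist: the only flow this hypothetical ATM needs.
# (destination network, protocol, destination port) - constructed values.
ALLOWED = [
    (ipaddress.ip_network("198.51.100.0/28"), "tcp", 443),  # bank transaction hosts
]

# Constructed flow records, one per line: "timestamp src dst proto dport".
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 192.0.2.10 198.51.100.5 tcp 443
2024-01-01T10:00:09 192.0.2.10 203.0.113.44 tcp 80
2024-01-01T10:01:30 192.0.2.10 198.51.100.5 tcp 8080
malformed line
2024-01-01T10:02:02 192.0.2.10 198.51.100.77 tcp 443
"""


def is_allowed(dst, proto, dport):
    """True only if destination, protocol and port all match one allowlist entry."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net and proto == p and dport == port
               for net, p, port in ALLOWED)


def find_violations(flow_text):
    """Return (line number, reason, detail) for every flow outside the allowlist."""
    violations = []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        try:
            _ts, src, dst, proto, dport = line.split()
            ok = is_allowed(dst, proto.lower(), int(dport))
        except ValueError:
            # Fail closed: a record that cannot be parsed is reported, not skipped.
            violations.append((lineno, "unparseable", line))
            continue
        if not ok:
            violations.append((lineno, "not-allowlisted",
                               f"{src} -> {dst} {proto}/{dport}"))
    return violations


if __name__ == "__main__":
    for lineno, reason, detail in find_violations(SAMPLE_FLOWS):
        print(f"line {lineno}: {reason}: {detail}")
```

Because the ATM's legitimate traffic is so narrow, the allowlist stays short and anything else, including the right host on the wrong port, is worth an alert.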

What do you think? Are there other ways to stop this kind of malware? Where do you expect to see similar attacks in the future? What will happen when we hook up the fridge to the net - will it be attacked too?

Good deeds

Hoff at the Rational Security blog is giving a helping hand - as long as it is not to someone fighting against the Norton pop-ups. Must admit, I am willing to fight the Norton pop-ups anytime - and replace them with something a little more subtle. Something that knows its place on the computer - and does not bother the user with messages that not even the best of security workers can understand.

So - the Hoff story.  

I like the fact that it is possible to exchange a security lesson with bowling. 

But - the fact that even ATM vendors are neglecting security is not a good deed at all. They really should know better. I mean, we are no longer in the 1980s! No wonder companies in not-so-secure industries are having a hard time understanding.
