banking

Interim Market Report - July 2010

Barclay Simpson Market Report 2010

Midway through 2010 the recovery in the corporate governance recruitment market that was evident at the start of the year is now firmly established. As recruitment consultants we have been genuinely surprised at the strength of the recovery. The recovery is focused on the financial sector and is a result of both renewed growth in the sector and greater regulatory oversight. Investment in corporate governance has clearly become a priority.

Breaking news? Sophos uncovers malware targeting ATMs!

Sophos just shared news of malware targeting ATM systems.

This is a new type of highly targeted attack, where the attacker targets something very special. I have warned about such things before, mainly attacks targeting single corporations for ransom or information theft. The challenge with these kinds of attacks is that they usually slip under the radar of typical AV tools, especially the signature-based ones.

To me, it is totally natural to attack ATMs. After all, that is where the money is! The malware in use skimmed the credit card numbers and sent them to the attacker.

ATM attacks have traditionally been hardware attacks, using skimming devices and PIN code collectors. It is a natural development that they move to software residing on the ATM itself. One of many challenges is to protect against this type of attack, and to discover it.

How will we protect ourselves? AV on the ATM? Pentesting the ATM? I would think a mixture of hardening the OS, including a signature-based mirror so that alterations would be detected, reported and require authentication, would be important. Further, I expect some sort of network monitoring, allowing ONLY authorized traffic to whitelisted targets (i.e. the bank system), would help too. After all, the malware needs to communicate, and by shutting off any and all traffic that is not directly related to the transaction, the malware is not able to communicate with its owner.

This kind of scenario of closing down everything is fully doable in an ATM network, as the ATM itself only requires a small amount of traffic and communication, unlike your desktop computer. So monitoring and controlling this traffic would be easy, and would not even introduce lag.
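The allow-only-authorized-traffic idea above, as an added example that is not part of the original post: a Python audit of flow records from one ATM against a default-deny allowlist. The flow-log format, the addresses and the ports are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport")

# Assumed allowlist (constructed values); anything not listed is denied.
ALLOWLIST = [
    (ipaddress.ip_network("10.20.0.0/28"), "tcp", 8443),  # bank transaction hosts
    (ipaddress.ip_network("10.20.1.5/32"), "udp", 123),   # internal time server
]

def parse_flow(line):
    """Parse 'src dst proto dport' (a simplified, constructed flow-log format)."""
    src, dst, proto, dport = line.split()
    ipaddress.ip_address(src)  # raises ValueError on a bad address
    ipaddress.ip_address(dst)
    return Flow(src, dst, proto.lower(), int(dport))

def is_allowed(flow):
    """True only if destination, protocol AND port all match one entry."""
    dst = ipaddress.ip_address(flow.dst)
    return any(dst in net and flow.proto == proto and flow.dport == port
               for net, proto, port in ALLOWLIST)

def audit(lines):
    """Return (violations, malformed); bad records are reported, not dropped."""
    violations, malformed = [], []
    for line in filter(str.strip, lines):
        try:
            flow = parse_flow(line)
        except ValueError:
            malformed.append(line)
            continue
        if not is_allowed(flow):
            violations.append(flow)
    return violations, malformed

# Constructed sample records from one ATM (10.50.3.17).
SAMPLE_FLOWS = [
    "10.50.3.17 10.20.0.4 tcp 8443",    # normal transaction traffic
    "10.50.3.17 10.20.1.5 udp 123",     # time sync
    "10.50.3.17 203.0.113.77 tcp 443",  # unknown external host
    "10.50.3.17 10.20.0.4 tcp 22",      # allowed host, unexpected port
    "10.50.3.17 10.20.0.99 tcp 8443",   # right port, host outside the /28
    "garbage line",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS)[0]:
        print("ALERT", f.src, "->", f.dst, f.proto, f.dport)
```

Matching on destination, protocol and port together is what catches the last two alerts: an allowed host on an unexpected port, and the expected port on a host outside the allowed range.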

What do you think? Are there other ways to stop this kind of malware? Where do you expect to see similar attacks in the future? What will happen when we hook up the fridge to the net - will it be attacked too?
