Security research firm Trend Micro has reported that suddenly ATMs are under a new kind of assault. Dubbed Alice by Trend Micro, this malware aims to steal the cash in the ATM.
There are ways to defend your ATMs – this very much is a winnable battle – but first recognize that it is a battle.
It used to be that losing all the cash in an ATM had to involve physical theft of the machine – which occasionally still happens (recently at the Red River Federal Credit Union in Texarkana, Texas). That incident involved a stolen forklift and, obviously, not many crooks have that much industry and know-how.
Then, too, other crooks stole from ATMs by making counterfeit credit cards and putting mag stripe data on them. But nowadays EMV is shutting down a lot of that theft.
Better, faster data analytics – and fraud prediction tools – also are stopping a lot of fraudulent transactions before they happen.
The past few years have seen a lot of defensive innovation aimed at safeguarding ATMs.
Enter new-breed ATM malware like Alice.
“We don’t know how many [Alice] incidents there have been,” acknowledged Trend Micro chief cybersecurity officer Ed Cabrera. But, he added, Trend Micro researchers believe “Alice has been in the wild for quite some time.” Some research dates its first occurrence to late 2014.
A sliver of good news about Alice: unlike the vast majority of ATM attacks in the past decade, it has no interest in skimming member PINs.
But with Alice installed on an ATM, a crook – using an external keyboard or a remote computer – can instruct the ATM to spit out cash.
You know how much money is in your ATMs. Most – typically – have under $10,000. But some, occasionally, have hundreds of thousands of dollars. Thus the appeal of Alice to crooks.
Here’s where the Alice story gets maddening: Trend Micro believes ATMs are infected with Alice via physical access, that is, the crook opens the machine and installs Alice via a USB drive or a CD-ROM.
Exactly how or when that occurs without detection is a mystery.
That cumbersome means of compromise is why some researchers dismiss Alice as a small threat – but Trend Micro also has said that it is seeing more kinds of malware in addition to Alice that are targeted at emptying out ATMs of cash.
This is no surprise to the experts. Remember this: a sophisticated crook can go online – eBay for instance – buy an ATM for a few hundred dollars, and take it apart in search of vulnerabilities. That’s why Chris Roberts, chief security architect at Acalvio, a Santa Clara, Calif., threat detection firm, said: “Back to the ability for anyone to gather intelligence on the architecture or designs of [ATMs]…makes targeting them too easy. Financial institutions are going to have to get back into the habit of putting these [ATMs] in a well-managed environment.”
Roberts’ advice is crucial. Make sure an ATM is physically well-protected and also in view of cameras. Ensure that security physically inspects ATMs on a regular basis. Those are big steps towards preventing physical access, and when that is blocked, so is Alice.
There’s more that can be done.
Moshe Ben-Simon, vice president of cybersecurity firm Trapx Labs, offered a tough-love regimen for making ATMs safer: “New best practices require that your ATM network defense be architected in such a way that you can find attackers that penetrate your network rapidly, have visibility into their intentions, and then shut down their activity decisively.”
Ben-Simon also advised setting up decoys to ensnare crooks: “New security technologies allow you to deploy emulations that appear to attackers as fake ATMs, fake financial endpoints and fake financial servers. These can attract and trap attackers during the reconnaissance phase of their attack and prevent them from compromising the network.”
What the experts are saying is fact: your ATMs may be attacked in 2017. Prepare accordingly. And be ready to step in and stop network intruders before they do harm.
Better network monitoring and more comprehensive physical monitoring of ATMs are two must-take steps. Take them, and they are giant steps towards ATM safety.