ATM malware likely to spread

23 June 2009

The malware that has been infecting automated teller machines in eastern Europe could be about to spread to other places in the world, according to the company that uncovered the fraud. Experts at SpiderLabs, the research arm of security firm Trustwave, say that there is "increased activity" around this particular strain of malware in other parts of the world.

"There is indication that there is activity around this network in other parts of the world. It's likely not to just stop here," said Nicholas Percoco, vice president of consulting at Trustwave. "Hopefully it does - the alerts that we have sent out will cause other banks to secure their systems - but there is an indication that there is activity around this region, around the same type of malware."

Trustwave detected the software on ATM devices located in Eastern Europe last month. The malware is designed to allow third parties to control different aspects of the machine's operation, including the gathering of sensitive data from the magnetic stripe on the card. It is also possible to use the software to force an ATM to dispense all of the cash stored in its cassette.

The malware was produced by a developer serving an organised team, according to experts from the company. It codifies roles and responsibilities with different privileges, accessed using different trigger cards; identity data encoded on each card's magnetic stripe specifies the holder's role. "If they were all the same person, then it wouldn't make sense to put all of these different roles and responsibilities in the malware," said Percoco.

Percoco explains that there are different types of card. A single-use card enables a presumably lower-ranked individual within the organised crime team to carry out basic reporting and monitoring functions. A multi-use card enables the holder to carry out more actions, on a repeated basis. The command to dispense the cash cassette is contained on the multi-use card, but is granted only after the account holder has satisfied a challenge/response request.

The software would most likely have been installed by someone with physical access to the ATM, said Percoco, adding that the ATMs were exclusively Windows-based, and were older machines.

"The systems we looked at were older systems, and they were not classified as your PCI compliant ATMs," said Percoco, arguing that in newer systems, tamper-proofing and encryption key management are performed more effectively.

Significantly, Alistair Kelman, a barrister specialising in financial fraud, argues that many older ATMs were sold off by banks to developing countries as the banks modernised their own equipment. "When we finally got around to upgrading our systems, instead of selling off their old machines as scrap, they sold them off to developing countries as an ideal system for them to use, because they didn't feel that people in developing countries had the skill sets to require top-end security," he says.