
ATM Malware - A Brief Description

ATMs commonly use customized versions of the Windows operating system. Malware attacks on ATMs have been occurring since 2013, with various variants emerging globally. These attacks are typically carried out through licensed malware software purchased from criminal masterminds. There are four main vectors for these attacks: 1) compromising the OS hard drive offline, 2) injecting malware onto the OS hard drive while booted, 3) directly connecting an external "black box" to the dispenser module, and 4) man-in-the-middle attacks on the ATM network. Protecting unattended ATMs requires understanding and guarding against these attack vectors.

Uploaded by nishma bhandary

ATM & its Operating System

Most ATMs in the world have a computer system which is designed to work 24x7 and
is loaded with the Microsoft Windows operating system. It is very similar to the
desktop operating system, with special customization and some security
additions such as firewall protection, a hardened operating system, etc.

Jackpotting or Malware Attack on ATMs

It is now nearly 7 years since ATM compromise due to malware was first reported in
Mexico in 2013. A number of different variants of ATM attack have happened across
the globe since then. The fraudster / attacker comes prepared to attack the target
ATM, and the attack is done through a crime syndicate. The malware is typically
licensed software provided by the mastermind, and the front runner needs to pay for
the license key each time a single ATM is to be compromised.

Most often, traces of the malware are left behind at the ATM, and when a detailed
study of the ATM logs or a forensic investigation of the impacted ATM hard disk
drive (HDD) is carried out, details of how the attack was carried out are available.

Based on our past study of these attacks until now, there are 4 different vectors of
attack that we have seen globally, in any make of ATM. These are:

1) ATM attack where the OS HDD is offline: the fraudster boots the ATM through
alternative media, manipulates the OS HDD data and injects malware. After
this, the ATM is made to boot as usual, creating a unique interface with a
malware window through which a command is given to dispense cash without
authorization.

2) ATM attack where the OS HDD is booted: by logging in as Windows local admin,
malware is injected into the HDD. Similarly, malware may come through
the network ports or devices connected in the network. Once the ATM is
compromised through the malware, the fraudster interfaces with it to give a
direct command to dispense cash without authorization.

3) Black Box attack, where the ATM PC core is not used for the attack; rather, the
ATM dispenser is directly connected to a black box (a PC, a laptop or a
smartphone) and the dispense command is given to the dispenser module.
There will not be any record in the ATM for such dispenses, as the ATM PC core
is not used in the compromise.

4) Man-in-the-Middle attack. In this vector, the ATM network is compromised, and
malware could make changes to the data being communicated between the ATM
and the financial switch, or a device is put between the network points, to give
an unauthorized approval for a transaction without hitting the actual bank's
financial system.

All 4 of the above attack vectors need to be thoroughly understood, and a
protection mechanism implemented, so that an ATM deployed in an unattended
location is protected from these types of attacks. ATM manufacturers do keep
sending mailers to educate customers so that they can take appropriate
precautions and protect the cash in the ATM. These details are also published on
the company websites and can be sent across as may be required.
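
One detection check that follows from vectors 3 and 4, as an added example that is not part of the original document: reconciling the ATM journal against the host approvals and the physical cash count exposes dispenses that one side never recorded. The record layouts, function name and sample values are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not from any real ATM or switch).
# ATM journal: dispenses the ATM PC core recorded, as (txn_id, amount).
ATM_JOURNAL = [("T1001", 200), ("T1002", 500), ("T1003", 300)]
# Host/switch log: transactions the bank's financial system approved.
HOST_APPROVED = [("T1001", 200), ("T1002", 500)]
# Cash loaded at replenishment and cash physically counted afterwards.
CASH_LOADED = 10_000
CASH_COUNTED = 8_400


def reconcile(journal, host_approved, loaded, counted):
    """Return findings for dispenses that one side of the system never saw."""
    findings = []
    host = Counter(host_approved)
    # Consistent with vector 4: the ATM dispensed on an approval that the
    # bank's financial system never issued.
    for entry, n in Counter(journal).items():
        missing = n - host.get(entry, 0)
        if missing > 0:
            findings.append(
                ("journal_without_host_approval", entry[0], entry[1] * missing)
            )
    # Consistent with vector 3: cash left the cassettes with no record in
    # the ATM journal, because the ATM PC core was bypassed.
    journal_total = sum(amount for _, amount in journal)
    unrecorded = (loaded - counted) - journal_total
    if unrecorded > 0:
        findings.append(("cash_gone_without_journal_record", None, unrecorded))
    return findings


if __name__ == "__main__":
    for finding in reconcile(ATM_JOURNAL, HOST_APPROVED, CASH_LOADED, CASH_COUNTED):
        print(finding)
```

A finding is a lead for the log study or forensic investigation described earlier; it does not by itself identify which vector was used.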
