The cash machine network may be prone to a serious hacking
attack, banks have been warned.
SpiderLabs, the security team at Trustwave responsible for
incident response and forensics, ethical hacking and application
security tests, has investigated security breaches on automated
teller machines (ATMs) running Windows XP over the past few months
and found the same malware residing on the breached machines.
"This malware is unlike any we have ever had experience with. It
allows the attacker to gain complete control over the ATM to obtain
track data, Pins and cash from each infected machine," Trustwave
said.
Trustwave found that the malware enables an attacker to steal
card data from the ATM's receipt printer or by writing the data to
an electronic storage device (possibly using the ATM's card
reader). It also discovered code indicating that the malware could
eject the cash dispensing cassette.
"We believe the current attack vector is an early version of the
malware sample, and future attacks will add functionality such as
propagation via the ATM network. If an attacker can gain access to
one machine, the malware will evolve and propagate automatically to
other systems."
Approximately 20 ATMs have been compromised, primarily located
in Eastern Europe. Trustwave expected the attack to spread to the
US and other regions of the world.
This is not the first time a flaw has been found in cash
machines. In January, Cambridge University published a paper on a
flaw in chip and Pin readers.