Last week Trend Micro wrote about a new ATM Malware Variant Alice. This discovery was unique, as this malware was found to have very specific goals, and very little interaction. This malware had been designed to allow a thief to view the bill count and denomination in the ATM, and specifically target those bills until the machine is empty.
My biggest take away from the Trend Micro write up was that the malware appears to require local access to the PC within the ATM for installation as well as interaction (the malware does not utilize the ATM’s PIN pad). To install this malware, the thieves are required to open the ATM, install the malware via USB, CD/DVD, or other removable media, and then use a keyboard they brought along (or was left in the ATM) to execute the limited commands.
What can you do to help prevent/detect an attack like this?
- Configure alarms on the ATM doors and have a process in place to monitor and respond to notifications
- Disable unnecessary devices / prevent device interaction
- Implement a process for physical inspections of all ATMs
- Restrict the execution of unknown files to privileged users
As always, I am interested in your feedback. Feel free to reach out on any of the social networks below!
The Personal Blog of Sean Goodwin 