Kaspersky Security is warning financial institutions about highly sophisticated ATM malware that lets a thief who knows the right input codes steal money directly from the ATM itself.


QUOTE: This ATM-based malware attack uses several sneaky techniques to avoid detection. First of all, it is only active at a specific time at night. It also uses a key based on a random seed for every session. Without this key, nobody can interact with the infected ATM. When the key is entered correctly, the malware displays information on how much money is available in every cassette and allows an attacker with physical access to the ATM to withdraw 40 notes from the selected cassette.

Now we are seeing the natural evolution of this threat with cyber-criminals moving up the chain and targeting financial institutions directly. This is done by infecting ATMs directly or direct APT-style attacks against the bank. The Tyupkin malware is one such example of attackers moving up the chain and finding weaknesses in the ATM infrastructure.

General advice for on-premise ATM operators

* Ensure the ATM is in an open, well-lit environment that is monitored by visible security cameras.
* The ATM should be securely fixed to the floor with an anti-lasso device that will deter criminals.
* Regularly check the ATM for signs of attached third-party devices (skimmers).
* Be on the lookout for social engineering attacks by criminals who may be masquerading as inspectors of security alarms, security cameras or other devices on premises.
* Treat intruder alarms seriously and act accordingly by notifying law enforcement authorities of any potential breach.
* Consider filling the ATM with just enough cash for a single day of activity.