ATM Malware Attacks Reach North America

December 5, 2014

A recent NCR Security Update has confirmed that last month there was a malware attack on multiple ATMs in Canada.

Further research has shown that the malware attack was a variant of the known “Tyupkin” attacks that have been running rampant across Russia and Europe alike. This attack is the first confirmed malware attack of this type seen on this side of the Atlantic and likely will not be the last.

The NCR Corporation has been working diligently with the affected financial institution and their infected ATMs to remove any trace of the uploaded malware. In addition, they are applying many of the recommended security provisions that are outlined in this release.

The NCR Corporation and Case Financial highly recommend that all ATM owners and operators engage in immediate proactive efforts to arm their deployments with the highest level of security available to thwart these types of malware attacks before they hit the United States.

NCR Recommendations Delivered by Case Financial 

Priority Level I:

  • Disable all auto-play features
  • Prevent the ability to boot directly from a USB drive or other multimedia device
  • Password protect your ATM BIOS editing abilities
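
One way to verify the first Priority Level I item, as an added example rather than NCR's or Case Financial's own tooling: a read-only PowerShell check of the Windows NoDriveTypeAutoRun policy value. It assumes a Windows-based ATM with PowerShell 3.0 or later; the function names are this example's own.

```powershell
# Added example; assumes a Windows-based ATM. Read-only: it changes nothing.
$SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Name   = 'NoDriveTypeAutoRun'

# Bits of NoDriveTypeAutoRun; a set bit means AutoRun is OFF for that drive type.
$DriveBits = [ordered]@{
    'Removable (USB)' = 0x04
    'Fixed disk'      = 0x08
    'Network drive'   = 0x10
    'CD/DVD'          = 0x20
    'RAM disk'        = 0x40
}

function Get-AutoRunPolicy {
    # The machine-wide (HKLM) value overrides the per-user (HKCU) one.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $item = Get-ItemProperty -Path "$hive\$SubKey" -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $raw = $item.$Name
        # Older images may store the value as 4-byte REG_BINARY instead of REG_DWORD.
        $value = if ($raw -is [byte[]]) { [int]$raw[0] } else { [int]$raw }
        return [pscustomobject]@{ Source = $hive; Value = $value }
    }
    return $null   # not set anywhere: the OS default applies
}

function Test-AutoRunDisabled {
    $policy = Get-AutoRunPolicy
    if ($null -eq $policy) {
        return [pscustomobject]@{
            Compliant = $false; Source = '(not set)'; Value = '(OS default)'
            StillEnabled = 'unknown'
        }
    }
    # Compliant only when every drive-type bit is set (0xFF).
    $open = @($DriveBits.Keys | Where-Object { -not ($policy.Value -band $DriveBits[$_]) })
    [pscustomobject]@{
        Compliant    = ($policy.Value -band 0xFF) -eq 0xFF
        Source       = $policy.Source
        Value        = '0x{0:X2}' -f $policy.Value
        StillEnabled = $open -join ', '
    }
}

Test-AutoRunDisabled | Format-List
```

The other two Priority Level I items (boot order and the BIOS password) are firmware settings and have to be confirmed in the BIOS setup itself, not from the operating system.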

Priority Level II:

  • Implement effective password management policies
  • Deploy an Anti-Virus Program on your ATM fleet with priority to those that utilize “Whitelisting Technology” such as the Solidcore Suite for APTRA
  • Implement encrypted communication channels to and from your ATM (SSL or VPN)
  • Establish a Firewall
  • Implement a policy for secure software updates and patch implementations

Priority Level III:

  • Remove Unused Applications
  • Ensure that the application runs in a locked down account with minimum privilege requirements
  • Define different user accounts for different privileges
  • Deploy a real-time fraud system that identifies certain suspicious patterns of behavior
  • Monitor fraud across all delivery channels
  • Utilize Anti-Skimming and “Top-Box” Security Alarms
  • Utilize other prevention and deterrence methods such as appropriate video cameras, signage, and lighting.

Video: How does ATM Malware work?

Video: Live “Tyupkin Malware Attack!” 

If you are interested in more information about any of the remedies or recommendations seen here, please feel free to contact a member of our team.