How to protect your network just like a bank ATM
A report out from Talos on the state of ATM malware contains lots of tips on protecting these machines from malware, and they’re just as applicable to other industries.
It’s the 10-year anniversary of the first detection of ATM malware, and Cisco’s Talos threat intelligence arm released a blog post about the state of malware that targets ATMs on Thursday.
ATM malware has been a niche, but growing, trend in the past decade since the initial discovery of the Skimer family of malware, which was the first to target ATMs and force them to dispense cash without a bank card.
Since that time, Talos reported, 30 different families of ATM malware have emerged. Many of them bring unique attributes to the table: Some are designed to be DIY kits for entrepreneurial cybercriminals, while others bear the hallmarks of having been coded by nation state actors.
Some ATM malware requires attackers to gain physical access to the target machine, but other forms don’t even require a physical presence: As long as an attacker can break into a bank’s network and find the right machine, they can install malware and withdraw cash to their heart’s content.
Why ATM malware matters to businesses
Those not working in the banking industry may wonder why ATM malware matters to them, especially with most attacks happening outside the US in places like Latin America and Eastern Europe, where ATMs are often older and less secure.
ATM malware may not be a direct threat to those outside the banking industry, or those in places with good ATM security, but the tips that Talos gives on how to protect ATMs from malware are universally applicable, especially for organizations with computers accessible to the public.
There’s a long list of recommendations, and all of them are worth considering:
Ensure machines and all their related systems (servers, other machines on the network) are kept up-to-date.
Disable Windows AutoPlay
Configure the BIOS to prevent booting from USB or physical media
Set a strong BIOS password to prevent BIOS changes
Disable direct access to a computer’s desktop at a public-facing computer
Force RDP sessions to use multiple authentication factors
Reduce a system’s attack surface by removing all unnecessary apps and services
Monitor network traffic and physical integrity of machines
Encrypt the connection between machines and their hosts
Restrict access to, and electronically log, any opening of a machine’s cabinet/case
Ensure physical locations, network connections, and surrounding materials are physically safe and secure from tampering
Properly configure anti-malware apps and firewalls that machines connect to
Configure a software whitelist that prevents any unauthorized applications from being installed or run on a machine
Make sure the whitelist can’t be easily disabled, and log any attempts to do so
Enable device control so that any connected USB devices or other external hardware won’t function
Train employees on how to avoid accidentally installing malware
Segment your networks, both physically and logically, so that vulnerable machines are cut off from potential attacker entry points
Make sure network visibility is high: This can be a key part of sniffing out abnormal traffic
Monitor threat intelligence news to be sure you’re up on the latest threats
These tips apply to ATMs and public-facing machines, but also to employee workstations as well: Simple steps like whitelisting software, eliminating unnecessary apps, and preventing the use of hardware peripherals and external storage can go a long way to protecting a network and its sensitive contents.