Sophisticated Skimer Malware Attacks ATMs Subtly
Cyber criminals have unleashed a more sophisticated version of the Skimer ATM infector that threatens ATM security. The Skimer malware was first detected in 2009, and it is making a comeback with more disastrous effects that demonstrate the advanced skills of the cyber criminals.
The latest Skimer, which surfaced in 2016, is a Trojan backdoor that specifically targets bank ATMs. It acts very subtly, however: the malware remains dormant within an ATM even after it infects the equipment. The initial infection is carried out by physical means or by compromising the bank’s network. Once an ATM’s security is compromised, the malware infects the system code that handles the command interaction between the bank’s servers, cards, and the ATM. This gives the malware near-absolute access. The ATM itself becomes a skimmer. The breach makes it possible for hackers to steal customers’ card data and ATM PINs and to siphon off their bank accounts.
Skimer’s modus operandi is that it doesn’t activate unless it gets a control message prompt from its owner, which is why it remains largely undetected. In the meantime, however, the malware keeps gathering customer data and prepares it to be sent to the hacker.
Skimer in Action
When cyber criminals decide to target an ATM, they inject the malware by manually inserting a tailor-made ATM card that contains a set of malicious scripts. The code allows them to download customer card data for as long as they wish. This card data is then used to create cloned cards so that the cybercriminals can perform monetary transactions, purchasing goods or making cash withdrawals at locations not connected to the ATM. This removes the chance of Skimer raising any alarm at an infected ATM. Many hackers also sell such card data in the underworld market. The malware also allows criminals to withdraw cash from the ATM, but doing so would expose the existence of some kind of problem in the ATM.
Earlier Attacks by Skimer
Skimer was detected in numerous attacks between 2010 and 2013. Various malware of the Skimer family made the rounds, and ATMs faced widespread attacks. Lately, cyber criminals have made major modifications to the older Skimer code, arming it with more subtle, devastating potential. The present Skimer version has been widely observed across the globe.
ATM Security Against Skimer-Style Attacks
The sophistication of the Skimer malware showcases the criminals’ good understanding of ATMs, their functioning, and the banking network. As is apparent, such low-key malware that can steal all the money in an ATM is very dangerous. The nature of the attack also shows the vulnerability of machines and devices that read data from magnetic stripes when users swipe their cards, because the code to activate Skimer is essentially embedded in a card’s magnetic stripe. Since the discovery of the data-stealing malware, though, banks have been taking active measures to trace and remediate infected machines, while equipping other ATMs with the necessary web security tools.
Effective device management software, encryption of data on disk, and routine scanning of the endpoint device with updated endpoint security could help mitigate Skimer-style malware attacks on uninfected ATMs.