FROM SKIMMING TO THE LOGICAL FRAUD, THE NEWCOMING ATM RISK
GMV, 2011
IT & Security Forum - Bucharest
Bucharest, 11/10/2011
Reference: GMV-DESCOR-PR-0048
Slide 3
MALWARE: A GROWING THREAT FOR ATM
Traditionally, a lot of attention has been paid to protecting ATMs and their users:
  o Extensive deployment of physical security controls such as anti-skimmers,
  o Physical manipulation of ATMs is becoming more and more difficult for criminal gangs,
  o As a result, criminal gangs are looking for riskless & sustainable sources of revenue.
The arrival of MS Windows and IP networks has introduced a new and severe hazard for ATM security that is very difficult to detect: malware.
The world is experiencing a paradigm shift regarding ATM attacks:
  o Attacks against ATMs using malware are a clear trend in Eastern Europe and Latin America, and are becoming a reality in most advanced countries.
Slide 4
MALWARE: A GROWING THREAT FOR ATM
The purpose of the malware can be either to get card data or ATM cash.
Difficult to detect: many security incidents in ATM networks provoked by malware infection are currently not being detected.
Difficult to prosecute the criminals.
Malicious software:
  o To infect the ATM there are several options: direct access to the ATM (maybe by maintenance personnel) to install malicious software, or injecting it over the network.
  o Developing this kind of malware is not a sophisticated task, especially for a well-known open system like Windows.
  o As an example, the Skimer malware spread in a few countries at the end of 2008. By means of a specially built card, the attackers were able to instruct the infected ATM to dispense cash. Lost cash was impossible to trace.
  o In the very near future this type of malware is expected to behave as a worm and be able to self-replicate in an ATM network.
Slide 5
TRADITIONAL ANTIVIRUSES DON'T WORK
ATM network managers are facing the urgent need to install security controls against malware.
Traditional PC security vendors are adapting their antiviruses for ATMs.
But traditional antivirus technology does not fit ATM security needs:
  o Classical antivirus relies on pattern-based recognition algorithms:
  o No protection against new malware attacks.
  o Need for continuous updating of a blacklist full of malware designed for desktop PCs.
  o They consume a lot of processing resources, incompatible with the response time the ATM application requires.
  o Malware is evolving to use self-compiling technologies that result in customized versions with unique patterns, so that all instances of the malware look different to a classical antivirus.
Slide 6
ATMs REQUIRE A SPECIFIC APPROACH
ATM configuration and resources remain very stable.
ATMs require one integrated security solution that does three simple tasks:
  o Generation and management of ATM-specific security policies that can automatically be translated into rules for security controls.
  o Enforcement of these rules using one single, low-footprint security process in the ATM.
  o Centralized monitoring of compliance, including all required audit features.
Even more, the concept must evolve only following a roadmap suited to the needs of ATM networks and not constrained by the requirements coming from the huge desktop market.
Slide 7
SECURITY POLICIES
Protection against unauthorized software execution:
  o Since an ATM is a well understood, controlled and stable environment, this should be achieved by means of white listing technology.
  o Software is permitted to execute only when it is included in a so-called white list, as opposed to black listing, which is the current antivirus technology.
Protection against unauthorized use of libraries and drivers.
Protection against unauthorized access to ATM hardware devices.
Protection against unauthorized access to ATM files and folders.
Protection against unauthorized execution of Java code.
Integrity validation of executable files, libraries and drivers.
Integrated firewall to control communications on a per-process basis.
Configurable keyboard hook.
Prevention of generic users and weak passwords.
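An added example, not GMV's or Checker's code: a hash-based white list built from a known-good image, set against a blacklist lookup, to illustrate the argument of slides 5 and 7. File names and contents are constructed, and hashing files on disk stands in for the execution control a real product would enforce inside the operating system.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(root: Path) -> dict:
    """Snapshot a known-good image: relative path -> SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(root: Path, allowlist: dict) -> dict:
    """Default deny: anything not matching the white list is reported."""
    current = build_allowlist(root)
    common = current.keys() & allowlist.keys()
    return {
        "unauthorized": sorted(current.keys() - allowlist.keys()),
        "modified": sorted(p for p in common if current[p] != allowlist[p]),
        "missing": sorted(allowlist.keys() - current.keys()),
    }


def blacklist_hits(root: Path, known_bad: set) -> list:
    """Pattern (here: hash) blacklist: flags only samples seen before."""
    return sorted(p for p, h in build_allowlist(root).items() if h in known_bad)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed "known-good" ATM image (hypothetical file names).
        (root / "atm_app.exe").write_bytes(b"constructed ATM application")
        (root / "device_driver.dll").write_bytes(b"constructed device library")
        allowlist = build_allowlist(root)
        # The blacklist only knows an earlier build of the sample.
        known_bad = {hashlib.sha256(b"constructed sample, build 1").hexdigest()}
        # A recompiled variant appears and a library is tampered with.
        (root / "svc_update.exe").write_bytes(b"constructed sample, build 2")
        (root / "device_driver.dll").write_bytes(b"constructed library, patched")
        return blacklist_hits(root, known_bad), audit(root, allowlist)
```

The blacklist returns no hits for the rebuilt sample, while the white list audit reports both the new executable and the altered library, which is the data a central compliance monitor would alarm on.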
Slide 8
CHECKER ATM SECURITY BY GMV
Slide 9
CHECKER ATM SECURITY
Checker ATM Security is the first ever security product custom designed to protect ATM platforms and networks.
Ensures a high-security ATM environment based on white listing technology to control processes, applications, libraries, devices, directories, communications and file integrity.
Provides centralized management and alarm monitoring of ATM security.
Checker ATM Security supports PCI-DSS compliance.
Slide 10
GMV: A TECHNOLOGY MULTINATIONAL
Multinational conglomerate founded in 1984.
Offices in Spain, Portugal, Poland, USA, Germany, Romania and Malaysia.
Customers in five continents. Over 1,000 employees all over the world.
Roots tied to the Space and Defense industries, currently operating also in the Security, Aeronautics, Transportation, Healthcare and ICT industries.
Technology leadership:
  o Leader in security systems for ATMs.
  o Ranked #1 worldwide as Satellite Control Centre provider (over 230 satellite missions worldwide have used or are using GMV technology).
  o Only European company working in the ground segment of NASA.
  o Main party responsible for the safety-critical systems of European GNSS systems (EGNOS and Galileo).
  o Since 1994 GMV has been a leader in GPS-based telematic systems for the transport sector.