Transcript Slide 1

IT & Security Forum - Bucharest
FROM SKIMMING TO THE
LOGICAL FRAUD,
THE NEWCOMING ATM RISK
Bucharest, 11/10/2011
Reference: GMV-DESCOR-PR-0048
© GMV, 2011
IT & Security Forum - Bucharest
11/10/2011
Página 2
© GMV, 2011
MALWARE: A GROWING THREAT FOR ATM

Traditionally, a lot of attention has
been paid to protect ATMs and their
users:
o Extensive deployment of physical
security controls such as antiskimmers,
o Physical manipulation of ATMS is
becoming more and more difficult for
criminal gangs,
o As a result criminal gangs are looking
for riskless & sustainable sources of
revenue.

The arrival of MS Windows and IP networks has introduced a new and
severe hazard for ATMs security very difficult to detect: Malware.

The world is experiencing a paradigm shift regarding ATM attacks:
o Attacks against ATMs using Malware is a clear trend in Eastern Europe and
Latin America, and is becoming a reality in most advanced countries.
IT & Security Forum - Bucharest
11/10/2011
Page 3
© GMV, 2011
MALWARE: A GROWING THREAT FOR ATM
Purpose of the Malware can be either to get cards data or ATM cash.
 Difficult to detect: Many security incidents in ATM networks provoked
by malware infection are currently not being detected.
 Difficult to prosecute the criminals.
 Malicious Software:

o To infect the ATM there are several options:


direct access to the ATM (maybe by maintenance personnel) to install malicious
software or
injecting it over the network.
o Developing this kind of malware is not a sophisticated task, specially for a well
known open systems like Windows.
o As an example, “Skimer” malware expanded in a few countries at the end of
2008. By means of a particularly built card, they were able to instruct the
infected ATM to dispense cash. Lost cash was impossible to trace.
o In the very near future this type
of malware is expected to behave
as a “worm” and be able to
self-replicate in an ATM network.
IT & Security Forum - Bucharest
11/10/2011
Page 4
© GMV, 2011
TRADITIONAL ANTIVIRUSES DON´T WORK

ATM network managers are facing the urgent need to install security
controls against Malware.

Traditional PC security vendors are adapting their antiviruses for
ATMs.

But traditional antivirus technology does not fit ATM security needs:
o Classical antivirus yields on pattern based recognition algorithms:
o
No protection against new Malware attacks.
o
Need to continuous updating of a blacklist full of Malware designed for desktop PC.
o They consume a lot of processing resources incompatible with ATM
application required time of response.
o Malware is evolving to use self-compiling technologies that result in
customized versions with unique patterns, so that all instances of the
malware look different for a classical antivirus.
IT & Security Forum - Bucharest
11/10/2011
Page 5
© GMV, 2011
ATMs REQUIRE AN SPECIFIC APPROACH

ATMs configuration and resources remain very stable.

ATMs require one integrated security solution that does three simple
tasks:
o Generation and management of ATM-specific security policies, that could
automatically be translated into rules for security controls.
o Enforce these rules using one single, low footprint security process in the ATM.
o Centralized monitoring of compliance, including all required audit features.

An even more, the concept must evolve only following a roadmap
suited to the needs of ATM networks and not constrained by the
requirements coming from the huge desktop market.
IT & Security Forum - Bucharest
11/10/2011
Page 6
© GMV, 2011
SECURITY POLICIES

Protection against unauthorized software execution:
o Since an ATM is a well understood, controlled and stable environment, this
should be achieved by means of white listing technology.
o Permitted execution of software only when it is included in a so called “white
list”, as opposed to “black listing”, which is the current antivirus technology.

Protection against unauthorized use of libraries and drivers.

Protection against unauthorized access to ATM hardware devices.

Protection against unauthorized access to ATM’s files and folders.

Protection against unauthorized execution of Java code.

Integrity validation of executable files, libraries and drivers.

Integrated Firewall to control communications on a per process
basis.

Configurable keyboard hook.

Prevention of generic users and weak passwords.
IT & Security Forum - Bucharest
11/10/2011
Page 7
© GMV, 2011
CHECKER
ATM SECURITY®
BY GMV
© GMV, 2011
CHECKER ATM SECURITY®
Checker ATM Security© is the first ever security product
custom designed to protect ATM platforms and networks.
Ensures a high-security ATM environment
based in white listing technology to control
processes, applications, libraries, devices,
directories, communications and files integrity.
Provides centralized management and
alarms monitoring of ATM's security
Checker ATM Security© supports
PCI-DSS compliance.
IT & Security Forum - Bucharest
11/10/2011
Page 9
© GMV, 2011
GMV: A TECHNOLOGY MULTINATIONAL





Multinational conglomerate founded in 1984.
Offices in Spain, Portugal, Poland, USA, Germany,
Romania and Malaysia.
Customers in five continents, Over 1,000 employees
all over the world.
Roots tied to the Space and Defense industries,
currently operating also in Security, Aeronautics,
Transportation, Healthcare and ICT industries.
Technology Leadership:
o Leader in security systems for ATMs.
o Ranked #1 Worldwide as Satellite Control Centre
provider (Over 230 Satellite missions worldwide have
used or are using GMV technology).
o Only European company working in the ground segment
of NASA.
o Main responsible of safety critical systems of European
GNSS systems (EGNOS and Galileo).
o Since 1994 GMV is leader in GPS based telematic
systems for the transport sector.
IT & Security Forum - Bucharest
11/10/2011
Page 10
© GMV, 2011
CHECKER ATM SECURITY®
Checker ATM Security© demo
IT & Security Forum - Bucharest
11/10/2011
Page 11
© GMV, 2011
Thanks!
www.gmv.com
© GMV, 2011