"ATM and Point-of-Sale Terminals Malware: The Bad Guys Just Never Stop!"

If you use your debit or credit card to buy groceries or get cash out of an ATM you might want to know that the bad guys could have a piece of it.

Researchers at Russian security firm Group-IB say that customers from some of the largest US banks have been affected by malware that steals credit card data directly from ATMs as well as point-of-sale (POS) terminals found at regular retailers. Cyber-crooks are infecting the Operating System that powers ATMs and point-of-sale terminals with malware capable of stealing financial data.

The business model behind going directly to the source is efficient because criminals only need to compromise a few ATMs to collect hundreds, if not thousands, of credit card numbers which can immediately be sold on the black market.

Quelle: http://blog.malwarebytes.org vom 27.05.13

Let’s not forget that ATMs and POS terminals run computers, with the traditional CPU, RAM and HDD and Operating System (Windows/Linux). If that makes you cringe, some are still running old and unpatched Microsoft Windows XP versions.

Those systems are wired to other networks and the Internet (for some cool but risky remote login features), so it’s not big surprise that they can be probed by doing network scans as well as using brute force techniques to login externally. Given that many people (re)use weak passwords this is like stealing candy from a baby.

Wo immer es möglich ist, Geld zu machen, wird es auch gemacht. Daher ist nicht zu erwarten, dass eine zunehmende Vernetzung unserer Infrastruktur davon verschont bleiben wird.