British banks have been warned their ATMs could soon be vulnerable to a cyber attack.
The FBI has warned international banks, including Barclays and HSBC, that cybercriminals are jointly planning a malware attack on cash machines.
“Hacking cash machines is the latest of cyber attack threats. Cash machines run on operating systems like Windows/Linux and if these are not up-to-date with security patches then they are equally vulnerable to security threats like any other publicly accessible websites,” comments Sudeep Chatterjee, Head of Testing, Bank of America Merill Lynch.
“Protecting cash machines should be prominent as part of any organisations security strategy, in order to manage confidentiality, integrity and availability.”
According to the FBI, UK banks could fall victim to millions of dollars being withdrawn from their cash machines. Nevertheless, small, independent banks that supply debit cards are more likely to be at risk because of having fewer security systems and procedures in place.
Security testing strategies
Chatterjee continues: “From a security testing perspective, organisations should have ATM testing policies in place, like ‘Point of Sale’ machines, which go through a robust end-to-end functional, performance and security testing cycle for application change, as well as O/S upgrades.
“Periodic penetration testing and ethical hacking are other security testing strategies banks should look to adopt, if they haven’t already. It’s important financial services regularly check their ATM machines to ensure they’re not vulnerable.
“Besides software on cash machines, security policies must cover cash machine hardware and have regular PATs (product acceptance tests) to certify it’s not hacked by planted devices, which typically consists of video camera’s cloning bank cards and pins.”
Furthermore, it isn’t just UK banks who should take Chatterjee’s advice into consideration. Last weekend, another unlimited operation hit India’s Cosmos bank which led to criminals withdrawing millions of dollars from ATMs in 29 countries within just two hours.
Chatterjee also notes that, with over 1000 bank branches being closed on high streets each year, there is more reliance on cash machines for banking customers to interact with the banks, which is why it’s paramount banks’ ensure cash machine security is their number one priority!
Written by Leah Alger