More details on the Diebold ATM Trojan horse case

Yesterday, Vanja Svajcer of SophosLabs described how he had discovered malware which appeared to be designed to steal information from users of Diebold ATM cash machines. I also published some discussion here on the Clu-blog about how the Trojan horses could potentially be exploited by a criminal gang.

Last night, Vanja and I spoke to Bob McMillan, a journalist who had seen me post on Twitter about our discovery, who then went one stage further and uncovered that Diebold had contacted customers in January warning them about the urgent security threat to their systems.

Urgent security advisory from Diebold regarding ATM malware

Diebold issued an update to its ATM software, and recommended that it be installed on all of its Windows-based ATMs globally. According to the company, the update should prevent the Skimer-A Trojan horse from successfully stealing information from cash machine users.

Sign up to our free newsletter.
Security news, advice, and tips.

In addition, they confirmed that hackers from Russia had attempted to plant the malicious software on ATMs in an audacious attempt to steal money. What isn’t publicly known yet is how the hackers – who have been apprehended according to Diebold – managed to gain physical access to a number of ATMs in Russia.

Was it a breach in security along the supply-chain that delivers ATM hardware to banks, or an inside job? All Diebold has said so far is that there was not a network-level security compromise.

In a cover letter which accompanied the critical security update, Diebold reminded customers to follow best practices to minimise the chances of security breaches:

"This latest offense against Diebold ATMs is another example of the growing level of sophistication and aggression involving ATM-related crime. Security is one of Diebold's absolute priorities and our engineers are working constantly to address emerging ATM security threats. Diebold continually emphasizes the customers' role in reducing the risk of attacks by following industry-standard security procedures related to managing physical access to ATMs, password management and software updates."

My opinion is that we shouldn’t be that surprised that some hackers might now be targeting the ATMs directly, rather than just the bank customers using the internet to manage their online finances. After all, as legendary American robber Willie Sutton answered when asked why he robbed banks, “that’s where the money is.”

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.