Thoughts On The First ATM Multivendor Malware Targeting Card Holders
With reference to the above link on SC Magazine, there are a couple things I find unclear about this threat – how does it get deployed, how does it get to the ATM? And how can the attacker steal the card if the ATM is at a guarded location?
Keep in mind that all ATMs also have a camera and DVR, which are independent from the ATM itself; hacking the ATM machine with this Trojan doesn’t mean owning also the camera. Yes, you could cover it up, I suppose, but wouldn’t that attract the very attention the attacker is attempting to avoid? Until these two questions are answered, I’m not too worried about this Trojan. Just yet. Hackers/attackers have plenty of other effective ways in which to steal my card information.
One recommendation I always give to ATM users – do NOT use those situated at gas stations or any other ATM that isn’t guarded and/or directly connected to a bank. Firstly, those at the gas stations are incredibly expensive – $5 per transaction at times – and absolutely unprotected. An ATM connected to a bank’s LAN or somehow directly connected to a bank (most likely via a VPN) is far more likely to be protected and, therefore, hard to hack.
So, beware where you use your card.