« AT&T Adds Worm And Virus Protection To Firewall Service | Main | Morris Worm Turns 16 Years Old »

ATM's At Risk from Future Worm Outbreaks

New analyst report, new product. Obviously coordinated but interesting nonetheless.

The new generation of Automatic Teller Machines (ATMs) are migrating from the IBM OS/2 operating system to Microsoft Windows and IP networks. This saves costs and enhances customer services. But, it also means ATMs are now at risk from virus and worm attacks.

Previously isolated cash machines can now be infected by self- launching network viruses via the banks' IP networks. Infections have the potential to bring down ATM machines, incurring downtime, customer dissatisfaction and increased costs fixing infected machines.

Source: ATMs in danger from virus attacks - how serious is the threat?, Monday, October 18, 2004.
Network worm attacks continue to cause serious security problems for banks, which increasingly deploy mission-critical devices such as ATMs and self-service kiosks on TCP/IP networks and Windows platforms. These attacks are much more difficult to contain now that institutions have moved away from proprietary infrastructures; they proliferate so quickly that just a few infected devices can cause crippling system downtime. For example, the 2003 Slammer attack brought down a U.S. ATM network and severely affected a Canadian bank. These attacks can jeopardize a bank's self-service business model, undermine trust and damage the customer experience.

Source: Trend Micro Appliance Gives Banks Network Worm Protection, 1 November 2004, Maria Luisa Kun (Gartner).

Recall that SQLSlammer affected Bank of America's ATM connectivity in January, 2003, as did the blaster worm, which struck ATMs powered by Windows XP embedded.

Obviously someone was set to capitalize on it, and Trend Micro is filling that need. The Trend Micro Network VirusWall 300 is an appliance designed for distributed, embedded systems and is targetted at protecting bank ATMs. It is unclear as to how exactly this product achieves it's stated mission of "proactive" worm defense, and if it uses signatures or other forms of analysis to detect malicious payloads or if it's a simple policy firewall that restricts access to trusted and known systems. These two scenarios both contain risks, obvioulsy, when a new worm outbreak occurs.

November 1, 2004 in media | Permalink
Tell others: digg submit | del.icio.us this | Reddit


TrackBack URL for this entry:

Listed below are links to weblogs that reference ATM's At Risk from Future Worm Outbreaks:


Post a comment