Sophos warns of credit card skimming malware targeting ATMs:
…rumours about compromised cash machines in Russia infected with a Trojan that captures credit card details and distributes the captured details to attackers.
I decided to check in our malware database to see if there are any samples that reference Diebold, the manufacturer of ATMs allegedly targeted and found 3 recently acquired files.
Note that the subsequent analysis points to insider and/or physical access to the systems:
By uncovering code that appears to encrypt data and a possible alternative user interface it seems to me that the stolen data is encrypted, probably to allow the attackers to use “money mules” to retrieve the data in person.
This also indicates that attackers require physical access to cash machines to install the Trojan. Overall, the malware seems to be a work of a programmer with a good knowldege of the internals of Diebold ATMs.
While this blog says it looks to be isolated, Graham Cluley of Sohpos argues that this should be no surprise. He also quotes the Diebold response, which points a finger at their customers:
Diebold continually emphasizes the customers’ role in reducing the risk of attacks by following industry-standard security procedures related to managing physical access to ATMs, password management and software updates.
If Diebold’s customers actually are to blame for the compromise, rather than a design flaw that has been patched, then I think it fair to assume that the incident will not remain isolated.