ATM/PoS Malware: How Dangerous Are They

ATM attacks are not something new to us. It’s been a while, we have been witnessing a lot of such attacks. And being a smart user, it’s always a good practice to keep ourselves up to date with all the recent security and privacy threats to bank accounts and the devices revolving around it constantly. 

ATM functions differently than other electronic devices in the IT space and so do the attack methods used to exploit the most secured devices. In this article, we will be blazing through different malware attacks and a few past incidents to understand the same in-depth.

What is Malware?

Malware is any piece of program that is intentionally designed to cause damage to a computer, server, client, or computer network. 

Also Read: What Is Ransomware? What Are The Types Of Ransomware?

About ATM/PoS Malware And Attacks

ATMs are usually very secured and receive regular security updates from the respective vendors. But due to below possible reasons, some ATM machines might be running on an older system without security patches,

  • Regular use of out-dated Operating system and lack of upgrade in the operating system (Think of ATMs still running on WindowsXP, just an example).
  • Major changes to the software running on the ATMs need to be approved by the ATM vendors and failing in this step leads to a void of warranty and unverified software upgrade leads to a higher possibility of ATM attacks.
  • Location plays a vital role when it comes to the security of ATMs. Due to the lack of physical security in remote and isolated locations, provides direct access to attackers. Attackers often target such locations.

Outdated and old software means unpatched vulnerabilities that a cyber attacker can exploit and isolated areas make it easier for criminals to gain physical access to the internal ports of the motherboard to exploit ATMs. This is typically possible for the old ATM machines located in remote and isolated locations with a very low budget or no budget for periodic ATM upgrades. When we combine the above points you can see the security threat and the loss that attackers can cause to a financial institution and to be more specific the customers of the banks.

Also Read: How Cloud Backup Can Protect Against Ransomware?

It has been noticed that in the past few years, there has been an increase in the number of ATM attacks by particular active families who target systems around the globe with the sole purpose of either stealing customers’ information or funnelling funds directly from the bank. The pattern was studied by Kaspersky Security Network (KSN) to detect the top ten countries that had the highest count of unique devices affected by ATM/POS malware and were relatively scattered around the planet. 

Malware like ATMJackpot that affect Taiwan ATMs and banks in 2016, WinPot in Eastern Europe in 2018, Ice5 in Latin America, and ATMTest, Peralta, ATMWizX, ATMDtruck, all were new families that went on affecting a huge number of devices. 

Also Read: How To Enable Controlled Folder Access For Ransomware Protection On Windows 10?

The top ten countries that were involved in unique devices that encounter by ATM/PoS malware in 2018 were Russia, Brazil, Italy, United States, Vietnam, India, Thailand, Germany, Turkey, and Iran in descending order. While, in 2019, more or less, with a little variation the countries remained almost the same. The list of the countries in descending order are as follows: Russia, Iran, Brazil, Vietnam, India, Germany, United States, Italy, Turkey, and Mexico. Thailand managed to escape the list, however, the overall number of affected devices increased. 

What Is The future?

Like every other malware, ATM/PoS malware will only continue to thrive with advancements and we will continue to monitor it. 

A group in Latin America is trying to sell their ATM malware which they custom develop for each vendor. And since such scope is increasing, the risk is growing along with it. Even countries in Europe and as well as the APAC region are the primary area of interests for the ATM attackers. Owing to the frequency of ATM machines and the amount of cash they hold, the threat to them is also equivalent. 

A multi-step comprehensive approach to be taken up by financial institutions to combat ATM/PoS malware attacks:

ATMs are an inevitable part of banking. No matter where the digital world goes, the requirement of an ATM will always continue. You cannot definitely control the attack on a machine, but certainly can take steps to prevent the same. Close monitoring and detecting the slightest suspicious activity will land you in a better place after all.

  1. Considering all the attack possibilities in a given area as per the network architecture is extremely important. As that is how you can keep updated or plan a model to monitor the activities.
  2. Keeping the machines up to date and checking for the up-gradation of Operating Systems will help in the long run. If at all re-installing is difficult, keeping the threat model in mind, the security should be planned out well and in such a way that it doesn’t compromise the productivity of the machine.
  3. Like carrying out tests in a school, regular security scans and tests should be carried out to assess the ATMs and keep away any threat if coming from the cyber attackers. 
  4. Not only the software solutions but also looking into physical safety is as important as it is, to check for any abnormal elements if installed by attackers physically.
  5. Consider using a security solution that can protect the machine from different kind of attack vectors. 

Interesting Read: What Is Botnet? How Do Botnets Work?

Since PoS terminals are slightly different than the ATMs, along with the above-mentioned points a few more things have to be taken care of, such as:

  1. Windows-based PoS are often more powerful than ATMs, however, at the same time, they can offer greater spaces for the malware to run. Hence, multi-layered security protection is a must needed application.
  2. Device control in PoS is more required as the threat is equivalent for they don’t have the heavy armor as that of the ATMs.
  3. PoS not only deals with financial data, but also personal data processing which pulls more attention by the attackers. Log inspection and file integrity monitoring are the essential keys to be followed to deal with the threats.
  4. These systems also need network-level security. Using secure gateways and firewalls that are capable of detecting and blocking undesired communications is also essential to be applied both inside and outside of the company’s infrastructure.

With ever-evolving technology, the crime will increase and the cyberattackers will continue in the game, but it is our responsibility first to be well armed against any kind of threat.


Ankita Mohanty is a Software Engineer who has the passion for content creation, tech and travel. She believes in that there's nothing in this world that's unachievable when you work hard for it.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.