OREANDA-NEWS. Kaspersky Lab announces the availability of Kaspersky Embedded Systems Security, a targeted enterprise-grade solution designed to protect ATMs, Point-Of-Sale systems and point of service machines. Aimed at protecting a diverse variety of Windows-based platforms, handling the most sensitive financial operations, Kaspersky Embedded Systems Security brings world-leading detection capabilities as well as new specialized security options.

ATM threats: physical + virtual

Financial organizations report that the most prevalent threats targeting their ATM fleets are of a physical nature, including skimming and ATM theft. However, cyberthreats or attacks on a software level are catching up: banks are reporting an increasing number of incidents involving ATM malware. This aligns with our threat intelligence: Kaspersky Lab observes dedicated ATM malware starting from 2009. The most recent example actually replaces hardware card skimmers, but also allows attackers to force the infected ATM to dispense cash. One of the most damaging cybercriminal campaigns of 2014-2015, known as Carbanak, also included cash dispensing functionalities as well as other ATM-targeted malware. This year we have observed the rapid development of these high-tech bank robberies.

Unique hardware and compliance specifics

Although ATMs and Point-of-Sale terminals are very diverse, they share similar qualities. Typically these machines are dedicated to one specific task and carry a very limited number of software. Most likely these machines are limited-performance computers, often running outdated operating systems and software like Windows XP. It is also likely for ATMs to connect to the network via slow 3G and wireless channels and they are always geographically scattered. This presents additional security and management challenges. At the same time, compliance requirements including PCI DSS are very broad, and do not necessarily bring the required level of protection. This landscape calls for a specialized solution.