Many of the 65,000 ATMs in the UK could be at risk from cyber-attacks in the New Year when Microsoft ends extended support for the embedded version of its Windows XP operating system, warn researchers at UK IT security firm Abatis.
However, Abatis does have a solution “certain major banks” will use, the company said in a press release.
From January 2016, Microsoft will be issuing no further security patches or updates for the OS still used in the majority of ATMs to deliver cash to customers in the UK and in many other counties around the world.
“The desktop version of Windows XP ceased to be supported by Microsoft in July 2014 and while the embedded version was given extended support until January 2016, most ATMs still rely on the old operating system,” said Kerry Davies, CEO at Abatis. “This presents major problems for the banks and puts their customers’ cash at risk, which is the last thing anyone wants as they check their accounts after a costly Christmas and early sales.”
Abatis warns that the lack of security updates makes the ATM network far more at risk from sustained hacker attacks and malware infection and more vulnerable to theft and Denial of Service (DoS) attacks. “The problem is made worse by the fact that traditional defences have been shown to be increasingly inadequate at stopping the latest malware attacks,” says Davies.
Certain major banks are already planning to roll out new patented Host Integrity Technology from Abatis with its unique zero-day approach to stopping known and unknown malware, from viruses and worms to key-loggers, root-kits, and Trojan-horses.
The Abatis solution does not rely on signature file updates, white-listing, heuristic analysis or sandboxing, but instead denies any unauthorised modifications and blocks unwanted write operations or executables in real time to prevent hacking activity and malware infection.