ISR News: Diebold ATM’s Under Attack

March 19, 2009 by ADMIN

Share |

Excerpts From SearchFinancialSecurity.com

North Canton, Ohio-based Diebold alerted customers about the break-ins and the security update in January. The attacks, which were isolated to Russia, involved physical access to ATMs and were not a network-level security compromise, the company said in its notice. The suspects in the case have been apprehended, according to Diebold.

Diebold spokeswoman DeAnn Zackeroff said the physical attacks on the machines were very low-tech but that the malware installation indicated that the attackers were highly sophisticated. She said a number of machines in Russia were attacked, but that Diebold moved quickly to alert its customers and issue the software update.

In its alert, Diebold noted the risk to the ATMs was “significantly increased” if the Windows administrative password has been compromised, the hardened version of Windows provided by Diebold isn’t used, or if the Sygate/Symantec firewall provided with Diebold Agilis software has been disabled or isn’t configured properly. The company advised its customers of security best practices, including changing the default Windows password on its Windows-based ATMs, and making periodic changes to the administrative password.

“Obviously, fraudsters have tried to connect devices to ATMs before,” he said. “Normally they attach them on the outside of the machine, so there’s something for the public to see, but if they install malware onto the machine, there’s nothing for the human eye to see.”

These icons link to social bookmarking sites where readers can share and discover new web pages.

Share |

Filed under: Breach, Class Action Lawsuit, D&O Liability, Financial, Government, ISR News, PCI, Sarbanes-Oxley, Uncategorized, hackers, identity-theft, malware, national security, privacy

Tags: 2009, access, Anthony M. Freed, ATM, authentification, botnet, Breach, breaches, bypass, computer, confidential, consumer product liability, control, Costs, criminal, cyber security, cyber-crime, cybersecurity, D and O liability, Data, demonstration, Diebold, due diligence, Economy, electronic database, email, Finance, Financial, Financial Identity, Financial InfoSec, governance, hackers, hijacked, homeland Security, ID, identity thief, Infoduciary, Information, Information Fiduciary, Information-Security-Resources.com, InfoSec, infrastructure, ISR, junk email, law, legal, liability, malware, message, misuse, News, online fraud, patch, phishing, privacy rights, remote, risk, Russia, Security, spam, SQL Injection, System, systems, theft, third party, update, vendors, Windows, worm, zero day attack

Comments

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

Categories
- Anthony M. Freed (26)
- Bill Brenner (2)
- Bob Violino (1)
- Bozidar Spirovski (23)
- Breach (540)
- Britt Womelsdorf (5)
- By Dr. InfoSec (2)
- Cara Garretson (7)
- CCCNews (1)
- Chorey Taylor & Feil (8)
- Christophe Veltsos (2)
- Christopher Burgess (7)
- CIOZone (26)
- Class Action Lawsuit (111)
- Cloud computing (113)
- Coby Royer (5)
- CTO Forum (9)
- D&O Liability (601)
- Daniel Wallace (5)
- Danny Lieberman (11)
- DataLine (10)
- David Alexander (2)
- Derek Crawford (1)
- Doug Pollack (7)
- due diligence (310)
- Fame Foundry (1)
- FEATURE ARTICLE (428)
- Financial (587)
- Fred Leland (7)
- Gene Kim (3)
- Government (373)
- Greg George (5)
- H1N1 (15)
- hackers (539)
- healthcare (134)
- Heather Bourgoin (1)
- HomeATM (8)
- identity-theft (535)
- IDExperts (17)
- Ike Z. Devji (1)
- Infosec Island Network (38)
- Insider Threat (490)
- Internet Crime Complaint Center (1)
- Internet Security Alliance (71)
- ISR News (321)
- Jacqueline Herships (2)
- Jenni Hesterman (3)
- John M. Salomon (2)
- John Watkins (7)
- John-Patrick Skaar (2)
- Kaliber Data Security and Compliance Consultants (3)
- Kat Sanders (2)
- Ken Leeser (3)
- Kevin L. Jackson (10)
- Kevin M. Nixon (21)
- Larry Ketchersid (1)
- Laton McCartney (7)
- Lauren Taylor (1)
- Linda McGlasson (1)
- malware (501)
- Mark Smail (1)
- Mark Wright (1)
- Mel Duvall (3)
- Michael Eggebrecht (3)
- Michael Lohr (1)
- Michael O'Conner (4)
- MicroSolved (1)
- Mike Duncan (3)
- Mike Meikle (4)
- Mike Spinney (1)
- Military (211)
- national security (453)
- PCI (308)
- PCI Security Standards Council (32)
- Physical Security (11)
- privacy (552)
- Rachel James (10)
- reach (11)
- Rebecca Herold (16)
- Richard Stiennon (44)
- Robert Siciliano (34)
- Sarbanes-Oxley (502)
- ScamStop (2)
- Sean Wilkins (2)
- Semyon Dukach (1)
- Simon Heron (14)
- Software Associates (11)
- Steven Fox (19)
- SUPERAntiSpyware (3)
- Sybase (6)
- Symplified (5)
- The Jester (8)
- The Privacy Professor (16)
- Thomas R. Fox (8)
- Tom Groenfeldt (2)
- Tom McLain (2)
- Trefis (14)
- Tripwire (18)
- Uncategorized (621)
- virtualization (101)
- Webcast (49)

Copyright © 2008 To Present · Information-Security-Resources.com (Permissions and Disclaimers) You are welcome to use, for any lawful purpose, the information that WE write and post to this site, provided that you link to and attribute Information-Security-Resources.com and the author(s). Any 3rd-party material linked to or referenced on this site is subject to the rights of the owners of that material.

We provide business consulting services. We do NOT provide legal or financial advice. There is no attorney / client relationship, or any privilege associated with our services. Nothing expressed on this site, or in association with our services, should be taken as legal counsel or financial advice. The opinions expressed on this site are the personal opinions of the writer(s), not those of any other individuals or organizations.

Theme: Copyright © 2008 · Revolution Code Blue designed by Brian Gardner

Information-security-resources.com is part of the Infosec Island network.