To meet these new threats, the group has published what it claims are the first international cyber security guidelines for the ATM industry.
"New platforms utilizing mainstream technologies are being introduced, which is dramatically altering the vulnerability landscape associated with [the] traditionally proprietary system," explained Ian Simpson, the manual's author. "The recommendations presented in this manual are essentially designed to provide a common sense approach to risk mitigation as a result of the rapidly changing threat model that the introduction to the ATM channel of the Windows XP and other common use operating systems, as well as the TCP/IP network protocol suite, has created," Simpson continued.
Last year, two U.S. financial institutions were hit with a computer worm that invaded ATMs running Windows XP Embedded. The ATMs were manufactured by Diebold, one of the world's leading ATM suppliers. According to NewScientist.com, the culprit was a worm called Welchia, which caused an overload of traffic on the network, resulting in the ATMs being shut down. Welchia reportedly exploited a vulnerability in Windows XP Embedded's RPC DCOM function.
Microsoft subsequently issued a string of security patches for Windows XP and XP Embedded, including ones for the Sasser worm and the Download.ject Trojan, as well as the release of Service Pack 2 (SP2) containing numerous security fixes for Windows XP, and the preview release of SP2 for XP Embedded with similar security enhancements.
Further information on GASA's cyber security guidelines for the ATM industry is available on GASA's website.