The Corliss Group Latest Tech Review: Using Windows XP makes European ATMs vulnerable to malware attacks
The Corliss Group Latest Tech Review - For the first time a country in Western Europe reported that malware attacks used by hackers to steal € 1,230,000 (US $ 1,320,000) from ATMs. A major problem is the continued use of Windows XP in ATMs , making them more vulnerable to attack, a report on ATM fraud said.
The report does not specify which country reported malware attacks , says Lachlan Gunn, Executive Director of the European ATM Security Team (EAST), an organization that aims to provide an overview of the development of ATM fraud .
But it is the first time these attacks were reported in Western Europe. Malware attacks on ATMs have been used for some time in other parts of the world, including Eastern Europe, Asia Pacific and Latin America, says Gunn.
The statistics in the East report were provided by 21 European countries, including France, Germany, Italy, England, Spain, Romania and the Netherlands.
The country targeted by malware attacks reported 51 incidents involving malware in 2014. In those cases, criminals used so-called cash out or jackpot things attack where malware is used to take control of ATM cash dispensers feature makes it possible for criminals to draw cash. Gunn expects several Western European countries will report malware attacks in 2015.
"As a significant number of European ATMs continue to use Windows XP operating system, there is concern that many continue to suffer ATM malware not taking the necessary preventive measures," EAST said in the report.
Microsoft ended support for Windows XP in April last year. Despite ATM vendors like Wincor Nixdorf warning that the operating system exposes ATM operators significantly higher security and legal risks, migration to new systems is slow.
Suppliers with EAST and European police, working on guidelines to protect their ATM systems against these malware attacks, says Gunn.
Government to Call on Companies to Help Improve Information Sharing as Breaches Get More Sophisticated
President Barack Obama will convene top executives from Silicon Valley, Wall Street, and a number of other industries on Friday in a first-of-its kind cybersecurity “summit” taking place as the government and corporate executives each struggle to adjust to persistent and sophisticated breaches.
Mr. Obama will be joined at the Stanford University event by top officials at the Department of Homeland Security, U.S. Secret Service, and Federal Bureau of Investigation. The officials will call on companies to share more information with the government in an effort to combat future cyberattacks, a plea officials have made for months with limited success.
Mr. Obama’s presence at the event has drawn what has emerged as a Who’s Who of corporate leaders, reflecting a growing acknowledgment that many companies need to rethink their cyberdefenses.
Apple Inc. Chief Executive Tim Cook will deliver remarks about his company’s push toward a more secure payment system, a theme the White House is expected to try to reinforce for other companies throughout the event.
An Apple spokeswoman confirmed that Mr. Cook will be speaking at the summit. He is expected to focus on Apple’s experience with mobile payments. Apple introduced Apple Pay in October, touting a security feature aimed at reducing the chances of credit-card theft.
Mr. Cook will be joined at Stanford on Friday by the CEOs of Bank of America Corp., U.S. Bancorp, American Express, Kaiser Permanente, Visa Inc., MasterCard Inc., and PayPal who also will speak on panels at the daylong event, along with representatives from Facebook Inc., Google, Intel Corp., and a numerous other companies.
Input from these executives is notable, as they collectively hold health, financial, search-engine, and social-media records on tens of millions of Americans. A number of the firms, particularly the technology companies, have sparred with the federal government over privacy concerns in recent years.
To acknowledge those concerns, the White House is expected to make privacy a central theme at the summit, in addition to consumer protection and cybersecurity techniques.
In addition to remarks from Messrs. Obama and Cook, the seven-hour event will include multiple panel sessions, including separate discussions of public-private collaboration, consumer protection, and payment technologies.
The entire event will be live-streamed on the White House’s website.
Senior administration officials see the event as a continuation of two years’ worth of cybersecurity initiatives, but the issue has taken on more urgency in recent months as the number of cyberattacks has increased dramatically. And recent large-scale breaches at Sony Pictures Entertainment Inc. and Anthem Inc. have led to an internal debate among government officials over whether the government should heighten its response to cyberattacks carried out by foreign countries.
Also notably, the White House’s list of panelists and speakers at the summit doesn't include representatives from many of the large companies that have suffered major breaches in recent years, such as Home Depot Inc., J.P. Morgan Chase & Co., Target Corp., Sony, or Anthem. A senior administration official said these companies weren't excluded from panels at the event.
Also missing from the list of panelists and speakers are officials from the U.S. intelligence community, such as the National Security Agency and Central Intelligence Agency. Intelligence officials often collect information about cyberthreats, and the White House on Tuesday announced a new office that is meant to collect and analyze their data.
But many technology companies remain skeptical about the operations of these agencies, particularly the NSA. A senior administration official said officials from the intelligence agencies would be at the event but officials from the agencies like the FBI and DHS were tapped to speak because they interact directly with the public to discuss cyber issues.