Many of the 65,000 ATMs in the UK could be at risk from cyber attack in the New Year when Microsoft ends extended support for the embedded version of its Windows XP operating system, warn researchers at UK IT security firm Abatis. From January 2016, Microsoft will be issuing no further security patches or updates for the OS still used in the majority of ATMs to deliver cash to customers in the UK and in many other countries around the world.
“The desktop version of Windows XP ceased to be supported by Microsoft in July 2014 and while the embedded version was given extended support until January 2016, most ATMs still rely on the old operating system,” said Kerry Davies, CEO at Abatis. “This presents major problems for the banks and puts their customers’ cash at risk, which is the last thing anyone wants as they check their accounts after a costly Christmas and early sales.”
Abatis warns that the lack of security updates makes the ATM network far more at risk from sustained hacker attacks and malware infection and more vulnerable to theft and Denial of Service (DoS) attacks. “The problem is made worse by the fact that traditional defences have been shown to be increasingly inadequate at stopping the latest malware attacks,” says Davies.
While customers can pay for extended support from Microsoft, it is very expensive. As a result, certain major banks are already planning to roll out new patented Host Integrity Technology from Abatis with its unique zero-day approach to stopping known and unknown malware, from viruses and worms to key-loggers, root-kits, and Trojan horses. The Abatis solution does not rely on signature file updates, white-listing, heuristic analysis or sandboxing, but instead denies any unauthorised modifications and blocks unwanted write operations or executables in real time to prevent hacking activity and malware infection.
“As well as excellent zero-day defence, the Abatis software also offers a very low maintenance overhead and with a very small footprint of just 100KB, which makes it ideal for use in ATMs along with retail Point of Sale (POS) terminals to secure old legacy operating systems with minimal cost and disruption,” says Davies.
Abatis won ‘Most Innovative Product’ at the Cyber Security Awards in July 2015 and was also a finalist in the TechUK Innovative Cyber Company 2015 Awards. A 2014 Forrester Research Report identified it as one of the few technologies that could replace AV in the future and highlighted Abatis as a ‘Company to Watch’. Abatis is a start-up British company spun out of the Enterprise Centre at Royal Holloway University of London, focused on the research, design and development of non-signature-based Host Integrity Technology. Professor Fred Piper of Royal Holloway heads the Abatis advisory board. Abatis was granted a US Patent for its technology in May 2015 and the European Patent is pending.