# ATMs Need Better Protection From Malware

By [Lawrence Chin](https://www.paloaltonetworks.com/blog/author/lawrence-chin/?ts=markdown "Posts by Lawrence Chin") | Oct 24, 2016

In 2016, [payments by credit or debit cards will exceed the use of cash](http://blog.euromonitor.com/2016/09/consumer-card-transactions-overtake-cash-payments-first-time-2016.html) for the first time in history. Although the popularity of electronic payments will continue to grow, cash will not be phasing out anytime soon.
Society's use of cash has been ingrained over many centuries and may take another few generations to wane. Even as banks everywhere continue to reduce full service branches, ATMs will fill that void for most mundane transactions -- including cash withdrawals. So ATMs will continue to be part of the banking ecosystem for the foreseeable future, and we need to have a fresh discussion about how to protect them.

### ATMs Are Targets

Physical attacks on ATMs started shortly after their launch in the late 1960s. In more recent times, ATMs have also been subjected to logical attacks. The first reported cases of malware on ATMs cropped up in 2009, when Skimer was found in Europe. However, since 2013, the popularity of ATM malware has grown as Padpin/Tyupkin, NeoPocket, Suceful, GreenDispenser and Ripper have made headlines over the years. In general, the objective is to steal cardholder information for future fraudulent actions or to directly dispense cash without appropriate authorization.

In July 2016, over US $2 million was stolen through the ATMs of a major bank in Taiwan. Malware was reportedly used to dispense cash upon demand to the attackers. Shortly thereafter, US $400,000 in thefts from ATMs in Thailand were also reported. The Ripper malware enabled the thieves to withdraw cash with the use of a special EMV chip card to "jackpot" the infected ATM. In both cases, the banks had to disable their ATMs while investigations and remediation activities occurred. This was obviously an inconvenience to their customers and surely resulted in negative publicity for the banks involved.

### Current Protection of ATMs

For the most part, ATMs are an extension of a bank's internal network. Some are connected via a third-party service provider while others are simply a part of the bank's corporate network. In far too many instances, there is no true separation of the ATM from the internal network. Consequently, traffic (both good and bad) can flow freely to and from the ATMs.
In the Thailand attack, it was reported that the internal bank network was breached, and [one of their own software distribution tools was hijacked to deliver the malware to the ATMs](http://app.response.ncr.com/e/es.aspx?s=116340975&e=31458).

Best practices offered by manufacturers and industry groups (e.g., ATM Industry Association, European ATM Security Team) generally call for the use of antivirus, anti-malware and application whitelisting to protect the ATMs. Additionally, hardening of the underlying operating system, encrypting communications, and firewalling are also recommended. The reality is that not all of these measures are consistently deployed. Moreover, traditional antivirus has proven to be ineffective in many cases in corporate networks. Application whitelisting, for example, would not have stopped the delivery of malware via the legitimate software distribution server in the Thailand case.

### New Approaches Are Needed

Since ATMs will be part of the landscape for many years to come, their protection from logical attacks needs to evolve. Instead of relying on legacy antivirus and anti-malware solutions, more advanced endpoint protection is needed. The current recommendations from ATM manufacturers are no longer up to the task. Banks, ATM owners and operators should push their suppliers to adopt and certify more sophisticated solutions to prevent malware and exploits from compromising these devices. These solutions may also include protections for boot-up or for software run from removable media, and may limit execution to authorized software signed by trusted vendors.

However, not all responsibility falls on the ATM manufacturers and their devices. Banks, ATM owners and operators need to provide layered protection for the ATMs as well. As an externally facing system, the ATM should be segregated from the internal corporate network. Some degree of network segmentation would limit communications to known and expected elements in internal networks.
This would prevent lateral movement from random, compromised corporate devices to the ATMs. Network segmentation is one of the most important, but often neglected, practices for cybersecurity.

For more information about the Palo Alto Networks approach to advanced endpoint protection and further discussion on network segmentation for the financial services industry, please visit:

* [Traps -- Advanced Endpoint Protection](https://www.paloaltonetworks.com/products/secure-the-endpoint/traps)
* [Network Segmentation as a Business Enabler for Financial Services](https://www.paloaltonetworks.com/resources/whitepapers/network-segmentation-business-enabler-financial-services)
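
The segmentation idea described above (limit ATM traffic to known and expected internal elements) can be checked against flow logs. The following Python audit is an added example, not code from the original post or from Palo Alto Networks; every subnet, host, port and flow record in it is a constructed assumption, and the software distribution path is marked for review because the post reports that such a tool was hijacked in the Thailand case.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    src: str
    dst: str
    dport: int
    label: str
    review: bool  # allowed path that segmentation alone does not make safe

# Constructed policy: every address, port and label here is an assumption.
ATM_SEGMENT = ipaddress.ip_network("10.50.0.0/24")
POLICY = [
    Rule("10.50.0.0/24", "10.10.1.10/32", 8443, "ATM to transaction switch", False),
    Rule("10.10.3.30/32", "10.50.0.0/24", 161, "monitoring to ATM", False),
    # Trusted path of the kind the post reports as hijacked in the Thailand case.
    Rule("10.10.2.20/32", "10.50.0.0/24", 8530, "software distribution to ATM", True),
]

# Constructed flow records, one per line: src,dst,dport
SAMPLE_FLOWS = """\
10.50.0.17,10.10.1.10,8443
10.10.2.20,10.50.0.17,8530
10.20.7.44,10.50.0.17,445
10.50.0.17,10.20.7.44,3389
10.20.7.44,10.20.7.45,445
"""

def match(rule, src, dst, dport):
    return (src in ipaddress.ip_network(rule.src)
            and dst in ipaddress.ip_network(rule.dst)
            and dport == rule.dport)

def audit_flows(text):
    """Classify each flow that touches the ATM segment against POLICY."""
    result = {"violation": [], "review": [], "ok": []}
    for line in text.strip().splitlines():
        s, d, p = line.split(",")
        src, dst, dport = ipaddress.ip_address(s), ipaddress.ip_address(d), int(p)
        if src not in ATM_SEGMENT and dst not in ATM_SEGMENT:
            continue  # not ATM traffic, out of scope for this audit
        rule = next((r for r in POLICY if match(r, src, dst, dport)), None)
        if rule is None:
            result["violation"].append(line)  # unexpected peer or port
        elif rule.review:
            result["review"].append(line)     # allowed, but verify what was delivered
        else:
            result["ok"].append(line)
    return result

if __name__ == "__main__":
    for verdict, flows in audit_flows(SAMPLE_FLOWS).items():
        for flow in flows:
            print(f"{verdict:9} {flow}")
```

Flows in the `review` bucket pass the segmentation policy, which is why the post pairs segmentation with endpoint controls such as limiting execution to signed, authorized software.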