As the growth of ATM fraud increases around the world exponentially in recent times, anti-malware researchers are keen to solve a crisis in the making.
The bad guys are getting smarter, they're growing distinctively more sophisticated , warns Sergey Golovanov, senior malware Analyst for Kaspersky Lab in Moscow, who is speaking at the 10th Virus Analyst summit in Croatia. Golovanov is an expert on the cyber criminal groups who utilise ATM fraud. And in his work, he's seen some interesting trends pop up.
The problem says Golovanov, is not that security experts aren't looking for a way to solve the multitude of ATM security flaws; it's that their hands are tied. And then placed in a trench of concrete, so to speak.
"We haven't got very far yet...the systems used by banks are closed and they are not going to let outsiders access those systems", insists Golovanov, conjuring up a world where ATMs become easier to break into, because the good guys can't inspect the systems at the root of the cause.
Some ATMs in Russia and other Eastern localities have been found to infected with internal malware scripts that can capture the users details from within, without physical skimming props; a go-to cash making machine that spurts out easy money for criminal networks.
Customer details can be printed on a piece of paper at the ATM or on older machines, the ATM can be programmed to pop out in a handy taking for the bad guys.
And you don't have to very smart to pull these kind of scams off either. The surprising finding from a recent case where such malware was found in a machine was that the bad guys lacked the kind of intellect and planning normally associated with cyber criminals.
"They weren't very smart", says Golonavov, aware that the next group of people to build on this level of technology will be much more informed and sophisticated.
These 'internal' ATM threats are a much trickier proposition to solve however; if the experts can't get access to the ATMs for inspection, then the chances of doing anything about it are almost impossible.
More so, ATM malware attacks pose a wider threat for the rest of the world. It's quite foreseeable that we'll see more of these internal ATM attacks popping up around the globe more often. "Yes, it could easily happen", argues Golovanov, in a warning to ATM users.
But the real threat against ATMs isn't that it can happen, but that it's too easy to happen. ATM systems are very simple to compromise, remarks Golovanov.
Not surprisingly, the single most real threat isn't malicious scripting or false keyboards or even pinhole cameras; it's the actual metal box right in front of us when we withdrawal cash.
"The biggest threat is a physical one, because ATMs have very poor physical security, so basically anybody can do anything to one", says Golovanov.
ATMs are owned and operated by many, not just the banks. Inside jobs make it easier for criminal networks to access vulnerable machines in open locations. And users are often none the wiser for it.
Unfortunately for Golovanov and other malware warriors in this fight, is that they lack the tools to fight the ATM crime wave in the same manner they would usually approach online malware and fraud. The two worlds may be appropriately linked, but they aren't the same.
ATM systems often run on Windows systems not designed for enterprise or consumer anti-virus/security products. And the files are written as root kits to keep them well hidden inside the system.
"There just isn't antivirus for ATMs. There is effectively no security for these kind of devices", says Golovanov rather bluntly.
It's a worrisome trend: the more you start to contemplate the amount of money and personal details processed through ATMs on a daily basis, the more you realise how much is at stake - and how little we can do about it.
For researchers in the field, it's become an uphill battle just keeping up with new methods being employed by ATM criminals. The bad guys have been able to access these systems and get away without getting caught and for Golovanov, that's the real crux of the issue. "They were able to get away it", he said. Crime really does pay sometimes.
As for warning users, Golovanov believes that media spotlight which these issues are receiving is in itself, a positive thing.
He advises banking customers to err on the side of caution. If an ATM looks fishy, or you suspect a machine has been tampered with, it's worth trying another, cites Golovanov.
"Of course, (with) all these scams, all of this skimming, it's all been well researched and kind of talked to death, but people are still getting caught in all of this, so there's no harm in talking about this and warning people again."
So, should we fear the average ATM? Run for the hills? Keep our cash under our mattresses?
Users shouldn't be alarmed, cautions Golovanov. Our money is insured by the bank and a security breakdown is their responsibility at the end of the day. Everyday vigilance is the best course of approach.
"There is no absolute universal advice that applies to everybody. So the standard advice is to be on your guard and use your common sense", says Golovanov, somewhat upbeat.
"Don't be paranoid, but keep your brain switched on."