I would guess the ATM got hacked using an exploit stored on the card itself. In this case, whoever allowed unrestricted / unsigned / any code running on an ATM machine needs to get fired immediately. I just can’t believe they have not even bothered enabling application white listing using a simple group policy / domain policy setting.
The second video is worth watching as well:
Is your average ATM affected? You’re damn right it is. I haven’t seen a single sane INFOSEC aware bank having implemented proper security measures on their cash machines. It’s sad, but true.
If you are working at a bank:
- Implement proper OS hardening. What were all these files doing on the drive? cmd.exe and the onscreen keyboard, among hundreds of others, should not be even present on the drive!
- Implement proper policies (be it local or domain). Do not allow unsigned / unknown applications to run.
- Uninstall the flash / java plugins from the browser and / or uninstall any browsers present. If you need them – bring them on a flash drive when doing maintenance or access them remotely from a network drive / share.
- Run the machine as Guest during normal operation, or at least as a limited user?
- Maybe, try *THINKING* next time you try setting up an ATM?