Kaspersky: Malware Targeting Grew By 40% Compared To Figures From 2018

In 2019, Kaspersky Security Network statistics, gathered from the company’s solutions, reveals that the amount of malware targeting embedded systems grew by 40% compared to figures from 2018. This suggests that ATMs, PoS, and other similar systems are a tempting target for cybercriminals. Nonetheless, their protection can be a challenging task for devices residing in remote locations where a wireless modem is the only option for internet connection, but the area has poor cellular coverage or is not covered by modern wireless standards (such as 3G and above).

Weak communication channels may lead to a conflict between traffic flows responsible for the execution of transactions, banking software updates, and management tasks, including the delivery of updates. When a channel is overloaded with traffic between the security solution and its management server, it leads to the unstable operation or even a partial loss of control over the device. In addition, in smaller communities, there are only a few cash machines, or just one, available to citizens. If the community is remote enough, a scenario where an ATM goes down because of an overload in traffic or malicious actions would mean serious trouble. For instance, citizens would be left unable to withdraw cash from their accounts until the issue is fixed.

That’s why Kaspersky has optimized the volume of traffic shared by Kaspersky Embedded Systems Security to reduce the payload. Typically, the server periodically sends security policies to the ATM, which returns the applied settings. It allows for monitoring to show that the policies were not changed. With the updated Kaspersky Embedded Systems Security, the ATM would not send the whole of the acting policies back to the server, thus reducing the intensity of the data exchange. However, it doesn’t affect control over the device, as the ability to change these policies on the cash machine is strictly regulated by the security solution.

Thanks to this, and other data exchange optimizations, the solution ensures that functions run smoothly even in regions where only a low-speed internet connection, such as that provided by the 2G standard, is available. In fact, its technical requirements for speed starts from 56 kbp/s.

“Some people prefer to pay with cash, and in some places, there is just no other option. This means people’s daily lives depend on access to physical currency. So, banks need to provide their customers with means for withdrawing money. Our clients from the banking industry, as they take care of this need, find themselves facing the issue of poor internet connectivity in remote areas. This can affect the quality of their service, which is supposed to be delivered both conveniently and securely. In order to help them solve this problem, we have included low bandwidth tolerance to the list of optimizations we made in the new version of Kaspersky Embedded Systems Security –,” commented Oleg Gorobets, Senior B2B Product Marketing Manager at Kaspersky.