Many banks are continuing to use Windows XP on their aging ATM's even past the EOL deadline from Microsoft. They will be paying for additional update support from Microsoft rather than updating the older ATM's. Why? Because they still work and the cost to upgrade them would be too high. No anti-malware protection on an EOL operating system that controls access to money – what could go wrong? I do wonder if (when?) security experts will get to say "I told you so.".
Seems reasonable enough. It’s not as though dozens of cybersecurity experts have been saying things like “it’s not going to be safe to use XP even on machines that aren’t connected to the Internet” or that popping on a new anti-malware software (which none of the ATMs I ever serviced had installed on them) will provide adequate protection.