A new surge of logical attacks on ATMs: what the Belgian experience teaches

Published: Wednesday, 26 August 2020

In June and July 2020, hackers attacked ATMs of the Belgian bank Argenta. Using special software, the criminals seized control of the ATMs and withdrew all the cash they held. The bank not only suffered financial and reputational losses but was also forced to take 143 ATMs with a similar software stack out of service to avoid a recurrence of incidents.

What happened in Belgium?

As soon as the attacks on ATMs in Belgium became known, Diebold Nixdorf began its own investigation of the incident. It turned out that in all cases the targets were ProCash 2050xe ATMs with the CMD-v4 cash dispensing module. The attackers destroyed part of the fascia to gain physical access to the ATM computer, disconnected the USB cable connecting the dispenser to the ATM computer, and plugged this cable into their own computer or laptop (the so-called ‘black box’), which sent the dispenser a direct command to dispense all cash. This type of attack is called a black box attack.

Black box attacks are one variety of jackpotting, which means compromising the ATM's security system using special software that lets the attacker take control of cash withdrawal.
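The sequence described above (fascia breached, then the dispenser's USB cable pulled from the ATM computer) can be correlated by a monitoring system. The following detection sketch is an added example, not part of the original article or of any vendor product; the event names, log format and 10-minute correlation window are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from a real ATM): timestamp, ATM id, event name.
SAMPLE_EVENTS = """\
2020-07-01T02:10:05 ATM-001 SUPERVISOR_MODE_ON
2020-07-01T02:11:30 ATM-001 DISPENSER_USB_DISCONNECT
2020-07-01T02:14:00 ATM-001 DISPENSER_USB_CONNECT
2020-07-01T02:20:00 ATM-001 SUPERVISOR_MODE_OFF
2020-07-01T03:40:12 ATM-002 FASCIA_TAMPER
2020-07-01T03:42:47 ATM-002 DISPENSER_USB_DISCONNECT
2020-07-01T04:05:00 ATM-003 DISPENSER_USB_DISCONNECT
"""

TAMPER_WINDOW = timedelta(minutes=10)  # assumed correlation window


def detect_black_box_indicators(log_text):
    """Return alerts for dispenser USB disconnects outside supervisor mode."""
    supervisor = {}   # atm_id -> True while a technician session is open
    last_tamper = {}  # atm_id -> time of the most recent fascia tamper event
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the monitor
        ts_raw, atm, event = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # unparseable timestamp
        if event == "SUPERVISOR_MODE_ON":
            supervisor[atm] = True
        elif event == "SUPERVISOR_MODE_OFF":
            supervisor[atm] = False
        elif event == "FASCIA_TAMPER":
            last_tamper[atm] = ts
        elif event == "DISPENSER_USB_DISCONNECT" and not supervisor.get(atm, False):
            # A disconnect with no technician session is suspicious on its own;
            # a recent tamper event on the same ATM raises the severity.
            tampered = atm in last_tamper and ts - last_tamper[atm] <= TAMPER_WINDOW
            alerts.append((atm, ts_raw, "critical" if tampered else "high"))
    return alerts


if __name__ == "__main__":
    for alert in detect_black_box_indicators(SAMPLE_EVENTS):
        print(alert)
```

The disconnect on ATM-001 is suppressed because it falls inside a supervisor session; the other two raise alerts, with ATM-002 escalated because a fascia tamper event preceded it.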

As a rule, jackpotting relies on ready-made malware or the attackers' own code. However, investigators believe that during the attacks in Belgium the hackers installed components of the ATM software stack on the black box and used them to interact with the self-service devices. This method of hacking is not unique, but it had never been seen in Europe before.

The investigation has yet to find out how the ATM software ended up in the attackers' hands. According to one version of the investigation, the criminals simply downloaded it from one of the terminals, where these components were stored on an unencrypted hard drive. The software could be used to steal cash from other self-service devices because those devices ran outdated versions of the basic software and had no additional encryption of the data transmission channel.

What can be done to protect ATMs from jackpotting?

BS/2 experts in the security of self-service devices studied the situation and the vendor's recommendations and compiled a list of actions that can be taken right now to protect ATMs from jackpotting.

“In order to minimize the risk of jackpotting, in most cases it is enough to encrypt the communication channel between the ATM computer and its dispenser and use the current versions of the ATM system software; however, we recommend a comprehensive approach to the security of self-service devices,” says the head of the technical department of BS/2, Andrey Smirnov.

A comprehensive approach to ATM security includes the following measures.

1.   Ensure encryption of the communication channel between the ATM computer and the dispenser.

2.   Regularly update the software required for the ATM operation to the latest versions.

  • Operating system (Windows 10)
  • ATM software at XFS-level (ProBase 1.2/00 or higher)
  • Firmware of peripheral devices

3.   Ensure compliance of the bank's IT infrastructure with PCI DSS requirements.

  • Building a secure network and ensuring its safe operation.
  • Restricting access to data in accordance with the business need.

4.   Ensure the physical security of the ATM.

  • Use video surveillance systems (e.g. ATMeye.iQ software solution).
  • Use special locks for ATM safes.

5.   Use specialized software solutions for ATM security.

An example of such a software solution is Diebold Nixdorf's Vynamic Security platform, which not only protects ATMs from malware but also ensures the security of data transmitted by terminal devices.

How does Vynamic Security protect against jackpotting?

The Vynamic Security software solution consists of several modules, each of which has its own area of responsibility. For example, one of them, the Intrusion Protection module, prohibits the launch of third-party software on the ATM computer, making it impossible to install malware. Another module, Hard Disk Encryption, does not allow replacing the ATM hard disk and ensures the safety of the device when it is turned off.

In addition, the full Vynamic Security suite protects ATMs from malicious software infiltration over the network, so any attempt by attackers to download malware onto a terminal device over the network will fail. The solution also allows you to restrict access to data depending on the user group and provides effective access control by managing the rights of individual accounts and user groups with the ability to log all their actions.

Source: Penki kontinentai
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
