A new surge of logical attacks on ATMs: what the Belgian experience teaches

Published: 26 August 2020 y., Wednesday

In June and July 2020, ATMs of the Belgian bank Argenta were attacked by hackers. Using special software, the criminals seized control of the ATMs and withdrew all the cash that was there. The bank not only suffered financial and reputational losses, but was also forced to take out of service 143 ATMs with a similar software stack to avoid a recurrence of incidents.

What happened in Belgium?

As soon as it became known about the attacks on ATMs in Belgium, Diebold Nixdorf began his own investigation of the incident. It turned out that in all cases, ProCash 2050xe ATMs with the CMD-v4 cash dispensing module were attacked. The attackers destroyed part of the fascia in order to gain physical access to the ATM computer, then disconnected the USB cable connecting the dispenser and the ATM computer, and connected this cable to their own computer or laptop (so-called ‘black box’), which directly sent the command to the dispenser to dispense all cash. This type of attack is called the black box attack.

Black box attacks are one of the varieties of jackpotting, which means hacking into the ATM security system using special software that allows you to take control of cash withdrawal.

As a rule, when jackpotting, hackers use ready-made malware or their own code. However, as the investigation believes, during the attacks in Belgium, the hackers installed components of the ATM software stack on the black box, which they used to interact with self-service devices during the attacks. This method of hacking is not unique, but it has never been seen in Europe before.

The investigation has yet to find out how the ATM software ended up in the hands of attackers. According to one of the versions of the investigation, the criminals simply downloaded it from one of the terminals, where these components were stored on an unencrypted hard drive. It became possible to use this software to steal cash from other self-service devices, since these devices had outdated versions of the basic software and there were no additional encryption tools for the data transmission channel.

What can be done to protect ATM machines from jackpotting?

BS/2 experts in the field of security of self-service devices studied the situation, the vendor's recommendations and made a list of actions that can be taken right now to protect ATMs from jackpotting.

”In order to minimize the risk of jackpotting, in most cases it is enough to encrypt the communication channel between the ATM computer and its dispenser and use the current versions of the ATM system software, however, we recommend a comprehensive approach to the security of self-service devices,” - says the head of technical department of BS/2 Andrey Smirnov.

A comprehensive approach to ATM security includes the following measures.

1.   Ensure encryption of the communication channel between the ATM computer and the dispenser.

2.   Regularly update the software required for the ATM operation to the latest versions.

  • Operating system (Windows 10)
  • ATM software at XFS-level (ProBase 1.2/00 or higher)
  • Firmware of peripheral devices

3.   Ensure compliance of the bank's IT infrastructure with PCI DSS requirements.

  • Building a secure network and ensuring its safe operation.
  • Restricting access to data in accordance with the business need.

4.   Provide the physical security of the ATM.

  • Use video surveillance systems (e.g. ATMeye.iQ software solution).
  • Use special locks for ATM safes.

5.   Use specialized software solutions for ATM security.

An example of such a software solution is Diebold Nixdorf's Vynamic Security platform, which not only protects ATMs from malware but also ensures the security of data transmitted by terminal devices.

How does Vynamic Security protect against jackpotting?

The Vynamic Security software solution consists of several modules, each of which has its own area of responsibility. For example, one of them - the Intrusion Protection module - prohibits the launch of third-party software on the ATM computer, making it impossible to install malware. Another solution module - Hard Disk Encryption - does not allow replacing the ATM hard disk and ensures the safety of the device when it is turned off.

In addition, the full Vynamic Security suite protects ATMs from malicious software infiltration over the network, so any attempt by attackers to download malware onto a terminal device over the network will fail. The solution also allows you to restrict access to data depending on the user group and provides effective access control by managing the rights of individual accounts and user groups with the ability to log all their actions.

Šaltinis: Penki kontinentai
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment




Vilnius residents are spending more in cafes and restaurants, and tips are increasing too

By the end of the first quarter of this year, nearly 1,000 waiters and bartenders in the country have joined the new Lithuanian digital solution for tips. more »

Penki kontinentai Group implements a new non-standard payment solution in Georgia

BS/2 Georgia and ASHBURN International, together with TBC Bank, one of the largest banks in Sakartvelo, have developed a new non-standard payment solution for the coffee capsule manufacturer Meama. more »

The Georgian Market Is Increasingly Interested in Lithuanian POS Terminal Management Solutions

One more Georgian bank is now using TransLink.iQ, ASHBURN International's software solution for card readers. more »

The history of the Penki kontinentai group of companies - in the authoritative Newsweek magazine

One of the oldest American media outlets wrote about the achievements of Penki Kontinentai Group. more »

Georgian Banks Implement New Payment Terminal Options

In collaboration with the Georgian bank TBC Bank, ASHBURN International developed and deployed on POS terminals the feature of payment for products and services without cash or bank cards. more »

BS/2 partner Diebold Nixdorf has received two Global Banking & Finance Review awards 2022

The company received the Next 100 Global Awards 2022 — Technology Solutions Provider award. more »

The VI International Banking Forum Results

BS/2 (Penki kontinentai Group) was a premium sponsor of the event. more »

BS/2 is the General Sponsor of the International Banking Forum

The banking industry professionals from Eastern Europe and Central Asia met in Almaty on October 26 and 27, 2022. more »

Tipping via POS-terminal is an innovation in the Lithuanian service market

“My tips” is a new service option in the Lithuanian restaurants. more »