A new surge of logical attacks on ATMs: what the Belgian experience teaches

Published: 26 August 2020 y., Wednesday

In June and July 2020, ATMs of the Belgian bank Argenta were attacked by hackers. Using special software, the criminals seized control of the ATMs and withdrew all the cash that was there. The bank not only suffered financial and reputational losses, but was also forced to take out of service 143 ATMs with a similar software stack to avoid a recurrence of incidents.

What happened in Belgium?

As soon as it became known about the attacks on ATMs in Belgium, Diebold Nixdorf began his own investigation of the incident. It turned out that in all cases, ProCash 2050xe ATMs with the CMD-v4 cash dispensing module were attacked. The attackers destroyed part of the fascia in order to gain physical access to the ATM computer, then disconnected the USB cable connecting the dispenser and the ATM computer, and connected this cable to their own computer or laptop (so-called ‘black box’), which directly sent the command to the dispenser to dispense all cash. This type of attack is called the black box attack.

Black box attacks are one of the varieties of jackpotting, which means hacking into the ATM security system using special software that allows you to take control of cash withdrawal.

As a rule, when jackpotting, hackers use ready-made malware or their own code. However, as the investigation believes, during the attacks in Belgium, the hackers installed components of the ATM software stack on the black box, which they used to interact with self-service devices during the attacks. This method of hacking is not unique, but it has never been seen in Europe before.

The investigation has yet to find out how the ATM software ended up in the hands of attackers. According to one of the versions of the investigation, the criminals simply downloaded it from one of the terminals, where these components were stored on an unencrypted hard drive. It became possible to use this software to steal cash from other self-service devices, since these devices had outdated versions of the basic software and there were no additional encryption tools for the data transmission channel.

What can be done to protect ATM machines from jackpotting?

BS/2 experts in the field of security of self-service devices studied the situation, the vendor's recommendations and made a list of actions that can be taken right now to protect ATMs from jackpotting.

”In order to minimize the risk of jackpotting, in most cases it is enough to encrypt the communication channel between the ATM computer and its dispenser and use the current versions of the ATM system software, however, we recommend a comprehensive approach to the security of self-service devices,” - says the head of technical department of BS/2 Andrey Smirnov.

A comprehensive approach to ATM security includes the following measures.

1.   Ensure encryption of the communication channel between the ATM computer and the dispenser.

2.   Regularly update the software required for the ATM operation to the latest versions.

  • Operating system (Windows 10)
  • ATM software at XFS-level (ProBase 1.2/00 or higher)
  • Firmware of peripheral devices

3.   Ensure compliance of the bank's IT infrastructure with PCI DSS requirements.

  • Building a secure network and ensuring its safe operation.
  • Restricting access to data in accordance with the business need.

4.   Provide the physical security of the ATM.

  • Use video surveillance systems (e.g. ATMeye.iQ software solution).
  • Use special locks for ATM safes.

5.   Use specialized software solutions for ATM security.

An example of such a software solution is Diebold Nixdorf's Vynamic Security platform, which not only protects ATMs from malware but also ensures the security of data transmitted by terminal devices.

How does Vynamic Security protect against jackpotting?

The Vynamic Security software solution consists of several modules, each of which has its own area of responsibility. For example, one of them - the Intrusion Protection module - prohibits the launch of third-party software on the ATM computer, making it impossible to install malware. Another solution module - Hard Disk Encryption - does not allow replacing the ATM hard disk and ensures the safety of the device when it is turned off.

In addition, the full Vynamic Security suite protects ATMs from malicious software infiltration over the network, so any attempt by attackers to download malware onto a terminal device over the network will fail. The solution also allows you to restrict access to data depending on the user group and provides effective access control by managing the rights of individual accounts and user groups with the ability to log all their actions.

Šaltinis: Penki kontinentai
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment




"Penki Kontinentai Group" opened an office in Spain

On 24 May 2024 in Alicante was registered the company PENKI KONTINENTAI ESPANA. more »

Strategic session of the "Penki kontinentai" group of companies: exchange of experience and plans for further development

Penki Kontinentai Group employees attended the annual strategy session held in Vilnius from January 22nd to 26th, 2024. more »

ASHBURN International and Rietumu Bank will collaborate to improve acquiring services in the Baltics and EU

This collaboration represents a significant advance in payment services in the European Union. more »

BS/2 has received awards from Diebold Nixdorf for outstanding collaboration results

The BS/2 delegation attended the annual Banking Partner Summit organized by Diebold Nixdorf in Indonesia. more »

BS/2 Makes a Ukrainian Girl's Dream Come True

For the first time, the Lithuanian national cheerleading team achieved podium placements at the European Cheerleading Championship. more »

Ashburn International Readies to Launch Two New Products on The Polish Payments Market

As a result of attending the XI Cashless Congress in Warsaw, several agreements were reached with Polish cashless payment operators concerning ASHBURN International's products. more »

BS/2 and Modern Expo plan to increase the supply the innovative retail equipment to the Baltic States

Together with BS/2, the Ukrainian supplier plans to expand its presence in the Baltic. more »

Penki kontinentai group participates in DUOday for the third year

The Penki kontinentai group of companies has joined the initiative of the social employment agency SOPA DUOday" for the third year in a row. more »

BS/2 representatives took part in the Lithuanian-Azerbaijani business forum

On May 22, a Lithuanian-Azerbaijani business forum was held in Vilnius. more »

20 employees from the “Penki kontinentai” group successfully completed the “Europa” race challenge!

The “Penki kontinentai” team has become the largest for the for the third time in a row more »