The battle for ATMs. How criminals break into self-service devices today

Published: 18 September 2018 y., Tuesday

Hacking ATMs with malicious software or traditional physical attacks is becoming one of the most worrisome trends in the banking sector in 2018. The wave of "jackpotting" attacks, which swept across the countries in Asia, North and South America at the beginning of the year, continues as series of similar crimes occur in European countries, including the post-Soviet space. 

The main problem for financial institutions is that they have to protect their self-service infrastructure from completely different types of attacks, and there is no cure-all solution to all possible problems. 

It is important to understand that financial institutions are protecting not only their physical assets (the terminals themselves) and stored money, but also their intellectual property and business-crucial data about their activities and customers, as well as their reputation as reliable providers of banking services. 

However all the threats we will be examining can be divided into three main types. Each group of vulnerabilities has its own specifics and requires the consolidation of multiple departments of the bank (technical department, security department, customer service departments) and an experienced technology partner.

1. Physical attacks on ATMs

According to recent statistics, the most popular attacks on self-service devices are performed with rather primitive means: trying to saw or break open the ATM, which in most cases takes a lot of time and attracts the attention of the police. In 8 out of 10 cases of such physical attacks, it is quite easy to track criminals, and they do not even have time to access the stored money. 

Cybercriminals using special means, in particular, explosives possess a higher threat to banks. For example, an ATM can be filled with gas and blown up, which will attract the attention of the security service only at the very last moment. In recent years, up to 30 such cases have been recorded in the world, and annual damage ranges from 170 to 200 million euros. 

Preventing such attacks is the prerogative of the security service. Reliable installation of self-service devices, effective use of video surveillance systems and quick notifications from the sensors installed on the terminals - help minimize the risk of the criminals disappearing without a trace along with the cash and the self-service device itself.

2. Intrusion attacks through ATMs

An even greater threat comes from attackers being able to access and reprogram the hardware of the self-service device using malicious software installed directly on the terminal itself. To do this hackers drill a small hole to access the ATM computer on which they install special software via the USB port, for example, the Green Dispenser Trojan or the software part of the Cutlet Maker kit, which is freely available to hackers of such devices around the world. 

The malicious software on the compromised devices is not easy to detect for the security staff of the bank, so criminals manage to carry out the preparatory stage without much risk. They seal the video cameras and drill a small hole in the terminals shell (which only takes a few minutes). After that, because ATM computers are usually protected by standard antivirus software or not protected at all, all that is left is to insert a USB stick or gain control of the ATM computer through the USB port. 

The malicious program instructs the dispenser to issue all the banknotes stored in the cassettes of the ATM before the security service has time to respond adequately. The speed and the ease of compromise is why logical attacks are the most effective way of stealing money.

The best way to protect devices from hackers is to use specialized solutions that restrict access to the device from outside processes and other various manipulations. Creating a "sandbox" environment for the hardware and software of the ATM allows you to automatically detect any suspicious activity on the terminal and instantly inform the responsible personnel while simultaneously running one of the protective scenarios.

3. Global malware attacks on the IT infrastructure of the bank

However, often the point of penetration for criminals who want to empty ATMs or payment kiosks is not the terminal itself, but other parts of the bank's IT infrastructure. Unoptimized work processes, high staff rotation with access to important internal information and low technological level of financial organizations makes the attack surface even greater, and the job of the security service becomes greatly complicated. 

For this reason, practically no ATMs are connected to the internal bank network, access to which from the outside is practically impossible. The use of VPNs, TLS protocols, special "firewalls" together with decisions on strict (ultimatum) delineation of access rights allows concentrating protective resources around the most vulnerable part of the banking infrastructure. 

Thus, even in the case of hacking banking databases (for example, Internet banking), ATMs and payment kiosks are relatively safe. Their defense system should be detached and generally independent of what is happening outside of it. Nevertheless, only companies with a large practical experience in this field can check the correctness of the configuration of all self-service device protection systems. 

BS/2 offers comprehensive security audit services for the fleet of banks' self-service devices and protects the most vulnerable part of the infrastructure from attacks of any type. BS/2 offers the ATMeye.iQ solution, which protects more than 80,000 devices worldwide and Diebold Nixdorf’s Vynamic Security solution – a world-leading firm in the field of banking technology. Contact BS/2 representatives for detailed information on the audit procedure, the functionality of the software solutions and the stages of its implementation.

Did you like our material? Subscribe to our regular newsletter to receive the most interesting topics and exclusive offers from BS/2.

Šaltinis: Penki kontinentai
Copying, publishing, announcing any information from the portal without written permission of editorial office is prohibited.

Facebook Comments

New comment




"Penki Kontinentai Group" opened an office in Spain

On 24 May 2024 in Alicante was registered the company PENKI KONTINENTAI ESPANA. more »

Strategic session of the "Penki kontinentai" group of companies: exchange of experience and plans for further development

Penki Kontinentai Group employees attended the annual strategy session held in Vilnius from January 22nd to 26th, 2024. more »

ASHBURN International and Rietumu Bank will collaborate to improve acquiring services in the Baltics and EU

This collaboration represents a significant advance in payment services in the European Union. more »

BS/2 has received awards from Diebold Nixdorf for outstanding collaboration results

The BS/2 delegation attended the annual Banking Partner Summit organized by Diebold Nixdorf in Indonesia. more »

BS/2 Makes a Ukrainian Girl's Dream Come True

For the first time, the Lithuanian national cheerleading team achieved podium placements at the European Cheerleading Championship. more »

Ashburn International Readies to Launch Two New Products on The Polish Payments Market

As a result of attending the XI Cashless Congress in Warsaw, several agreements were reached with Polish cashless payment operators concerning ASHBURN International's products. more »

BS/2 and Modern Expo plan to increase the supply the innovative retail equipment to the Baltic States

Together with BS/2, the Ukrainian supplier plans to expand its presence in the Baltic. more »

Penki kontinentai group participates in DUOday for the third year

The Penki kontinentai group of companies has joined the initiative of the social employment agency SOPA DUOday" for the third year in a row. more »

BS/2 representatives took part in the Lithuanian-Azerbaijani business forum

On May 22, a Lithuanian-Azerbaijani business forum was held in Vilnius. more »

20 employees from the “Penki kontinentai” group successfully completed the “Europa” race challenge!

The “Penki kontinentai” team has become the largest for the for the third time in a row more »