Recently a series of ATM attacks were conducted using rogue network devices. The hackers opened the upper half of the ATM and installed the device, most likely into the Ethernet switch. The device then intercepted the ATM’s network traffic and changed the bank’s “withdraw denied” response to “withdraw approved,” presumably only for the criminals’ cards.
This kind of attack succeeds because several well-established security principles were ignored.
Researchers report that the external locks on an ATM are usually trivial to pick; a skilled crook can open an ATM within 20 seconds.
The internal safe that holds the cash is usually protected with exceptional locks, but the safe is literally a USB-connected cash dispenser. The computer that controls it sits in the upper half of the ATM, outside the safe, and the network equipment, often a small router/switch combo, is right next to the computer.
The most popular encryption protocol in the world, SSL, was released over 20 years ago. One of the more common arguments for still using it rather than moving to TLS is that the ATM application is only designed to be used on trusted networks.
Remember that everything can be hacked. To stay away from any threats in the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device you own, depending on which OS the device is running. If you are a company, we also recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
In the ATM world, the definition of a “trusted” network tends to be a bit more expansive. ATMs can be connected to the backend servers in a variety of ways. Some are connected using traditional telephone lines (POTS). Many modern ones are connected using cell phone networks. And quite a number use Ethernet connections at the sites of the organizations where they are deployed.
Unfortunately, physical access to these supposedly “safe” network connections goes unchecked by staff on a routine basis. Everyone assumes that the guy who looks like a service technician has been validated by someone else and obviously belongs there.
But it is hard enough to keep track of legitimate devices or staff, let alone malicious ones. Rogue devices can be incredibly compact as well.
The risk of rogue devices goes well beyond ATMs. Many organizations routinely use plain text network protocols on their internal networks.
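The rewrite described above only works because nothing on the wire binds the host’s reply to the host. The following Python model is an added illustration, not code from the article or from any ATM vendor: it contrasts a plaintext reply, which an in-path device can edit freely, with one carrying a message authentication code that the ATM verifies before acting. The JSON message layout, the shared per-terminal key and the transaction id are assumptions standing in for what TLS (or an HSM-held MAC key) would provide in a real deployment.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real terminal would hold this in an HSM or use TLS.
TERMINAL_KEY = b"constructed-demo-key-not-a-real-secret"


def host_reply_plain(result: str) -> bytes:
    """Legacy plaintext reply: nothing ties the content to the bank host."""
    return json.dumps({"result": result}).encode()


def in_path_tamper(wire: bytes) -> bytes:
    """What a rogue device on the switch can do to any reply it sees."""
    return wire.replace(b'"denied"', b'"approved"')


def atm_parse_plain(wire: bytes) -> str:
    """An ATM that trusts the network takes the reply at face value."""
    return json.loads(wire)["result"]


def host_reply_authenticated(result: str, txn_id: str, key: bytes = TERMINAL_KEY) -> bytes:
    """Reply carrying an HMAC-SHA256 over the body so tampering is detectable.
    The transaction id ties the reply to one request, so an old approval
    cannot simply be replayed against a later withdrawal."""
    body = json.dumps({"txn": txn_id, "result": result}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def atm_parse_authenticated(wire: bytes, expected_txn: str, key: bytes = TERMINAL_KEY) -> str:
    """Return the host's result only if the MAC verifies and the transaction
    id matches the pending request; anything else fails closed as 'denied'."""
    body, _, tag = wire.rpartition(b"|")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return "denied"  # body was altered in transit or tag is forged
    msg = json.loads(body)
    if msg.get("txn") != expected_txn:
        return "denied"  # reply belongs to a different (possibly replayed) request
    return msg["result"]


if __name__ == "__main__":
    print("plaintext :", atm_parse_plain(in_path_tamper(host_reply_plain("denied"))))
    print("with MAC  :", atm_parse_authenticated(
        in_path_tamper(host_reply_authenticated("denied", "txn-0001")), "txn-0001"))
```

The plaintext path turns a denial into an approval; the authenticated path rejects the edited reply and would equally reject a captured approval replayed under another transaction id.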
ATMs are particularly important because they store actual cash, handle financial data, and can be used as a beachhead into an internal network. Researchers recommend the following best practices for ATM testing:
– Conduct in-depth, manual penetration testing of the ATM’s physical security controls, electronic hardware, software, OS hardening, network communications, and backend systems.
– Perform internal network penetration testing either on-site, or, more frequently, using virtual appliances that allow remote access, but simulate physical access.
– Physically access internal networks using techniques like badge tailgating, social engineering, and even lockpicking.
Keep in mind that our modern society depends on computers, mobile devices, and the internet, so always stay safe and secure.
We will continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; such tests include penetration testing and ethical hacking.