ATM vulnerabilities highlight the importance of securing machines against network attacks, according to a Positive Technologies report.
Some 69% of ATMs are vulnerable to Black Box attacks, wherein criminals connect programmed Black Box devices to the cash dispenser to bypass security and collect money in as little as 10 minutes on certain models, according to a Wednesday report from Positive Technologies.
Attacks against ATMs have become increasingly common across the globe, the report noted, leading the US Secret Service to issue an urgent ATM threat warning to banks in October. The first reports of ATM malware attacks date back to 2009, when a Trojan called Skimer was found to steal funds and bank card data, the report noted.
Today, 85% of ATMs remain poorly secured against network attacks, such as spoofing the processing center, the report found. This potentially allows criminals to interfere with the transaction confirmation process, and fake a response from the processing center to approve every withdrawal request, or increase the amount of money dispensed.
SEE: Intrusion detection policy (Tech Pro Research)
Attackers can also gain access to GSM modems connected to ATMs, and use them to attack other ATMs on the same network, or even the internal network of the bank.
The vast majority of ATMs tested (92%) were vulnerable to a number of attacks due to a failure to implement hard drive encryption, according to the report. This means an attacker could connect directly to an ATM hard drive and infect it with malware to disable security, controlling the cash dispenser, the report noted.
On 76% of the ATMs tested, exiting kiosk mode was possible, which would allow attackers to potentially run commands in the ATM operating system, the report found. They would only need about 15 minutes to complete this attack.
"Our research shows that most ATMs have no restrictions to stop connection of unknown hardware devices," Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies said in a press release. "Although ATM owners bear the brunt of the threat from logic attacks, bank clients may fall victim as well. In our security work, we constantly uncover vulnerabilities related to network security, improper configuration, and poor protection of peripherals. These flaws allow criminals to steal ATM cash and obtain card information."
To reduce the risk of attack and speed threat response, banks should work to physically secure ATMs, the report recommended. They should also implement logging and monitoring of security events on the ATM and related infrastructure, and perform regular security analysis of the machines.
The big takeaways for tech leaders:
- 69% of ATMs are vulnerable to Black Box attacks. -- Positive Technologies, 2018
- 85% of ATMs remain poorly secured against network attacks such as spoofing the processing center. -- Positive Technologies, 2018
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- US sentences to prison its first ATM jackpotter (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Forget debit cards. This is how you'll use your phone at the ATM (CNET)
- How one small hack turned a secure ATM into a cash-spitting monster (TechRepublic)