85 Percent of ATMs Allow Cybercriminals to Access the Network

Positive Technologies researchers performed an extensive analysis of ATMs and how they can be attacked. ATMs from several vendors were tested, such as NCR, Diebold Nixdorf, and GRGBanking. The researchers tested a number of typical attacks and exploits that cybercriminals use in their attempts to harvest money from ATMs or to copy the information from bank cards, an attack known as skimming. The focus of the report is ATM malware.

ATM malware families such as GreenDispenser, Alice, Ripper, Radpin, and Ploutus are relatively new to the market and are available for sale on dark web forums. With prices starting at $1,500, such malware is somewhat expensive but offers enormous profits. Attackers can recoup their initial costs with even one successful theft, the report notes.

The developers of ATM malware are also adapting their malware to the ever-growing variety of ATM models, making their work even more efficient, and in many cases they provide complete instructions on how to use the particular malware. CutletMaker malware, for example, was sold openly together with detailed instructions for a price of $5,000.

As noted in the report, the most important thing to examine in ATM malware is not its inner workings but its installation method, because that is what shows how to protect against it.

Vulnerabilities in ATMs

There are 4 basic categories of vulnerabilities that security researchers have encountered in their work:

  • Insufficient network security, where a criminal with access to the ATM network can target available network services, intercept and spoof traffic, and attack network equipment;
  • Insufficient peripheral security, usually caused by lack of authentication between peripherals and the ATM OS, enabling cybercriminals to infect the ATM with malware and eventually steal cash or intercept card data;
  • Improper configuration of systems or devices, caused by lack of hard drive encryption, authentication errors, poor protection against exiting kiosk mode, and the ability to connect arbitrary devices;
  • Vulnerabilities or improper configuration of Application Control, where flaws lurk in Application Control code or result from improper configuration.

ATM Malware Attack Research Statistics

According to the researchers, 85 percent of the tested ATM devices can allow cybercriminals to access the network by unplugging and tapping into Ethernet cables, or by spoofing wireless connections. 27 percent of the tested machines were prone to spoofing, and 58 percent had security flaws in their network components that allowed for remote control.

23 percent of the machines can be successfully exploited by attacking other network devices connected to the ATM in question, such as GSM modems or routers. As explained in the report, the consequences of these attacks include disabling security mechanisms and controlling the output of banknotes from the dispenser. What is most concerning is that a network attack of this type can be executed in less than 15 minutes.

For full technical disclosure, refer to the full report.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
