Carding
Almost any ATM today can be hacked fairly easily by cybercriminals using malware, and sometimes even without it. The causes are the outdated software used in ATMs, errors in network settings and the lack of basic physical protection for important components of these machines.
These conclusions were reached by Kaspersky Lab experts following a study of the security of ATMs from leading global manufacturers. For example, over the past 2 years, in the high-profile Tyupkin and Carbanak cyber robberies alone, criminals have been able to steal hundreds of millions of US dollars through ATMs around the world.
An ATM is primarily a computer, and it often runs extremely outdated software. As Kaspersky Lab found, most modern ATMs still run the no-longer-supported Windows XP operating system. This means that new vulnerabilities in these systems will never be fixed. But that is not the worst of it.
In most cases, the special software that connects the ATM system unit to the banking infrastructure and to the hardware modules that process transactions is built on the XFS standard. This is an old technology originally designed to standardize ATM software so that it works on any device, regardless of manufacturer. Security was not a priority in its design, so XFS still requires no authorization to execute commands. Therefore, any application installed or running on the ATM can send a command to any unit of the machine, including the card reader or the dispenser. And this opens a direct path to money for carders.
Nevertheless, carders do not always need malware. According to the observations of Kaspersky Lab experts, many ATMs lack physical protection. The manufacturers took care to secure the lower part of the ATM, the safe where the money is kept, but did not consider it necessary to protect the upper part of the machine, the so-called cabinet, where the computer is actually located. Therefore, attackers can often easily gain access to the system unit or the ATM network cables.
After gaining access to the inside of the ATM, cybercriminals can install their own specially programmed microcomputer, the so-called black box, which allows them to control the machine remotely. Thus, they can, for example, redirect the ATM's network traffic to a fake processing center, which will send any commands the attackers choose to the controlled machine.
Of course, the connection between the ATM and the processing center can be protected, for example, with a hardware or software VPN, SSL/TLS encryption, a firewall, or MAC authentication implemented in xDC protocols. However, banks do not often use these measures.
“Our research has shown that the industry is starting to think about protecting ATMs. And while some manufacturers have already begun to develop safer machines, banks are reluctant to switch to them, continuing to use older and unsafe models. This is why we are seeing such a rapid increase in ATM attacks today. And since banks are not ready for them, they and their clients suffer huge financial losses,” said Olga Kochetova, senior specialist of the penetration testing department of Kaspersky Lab. “We believe that the current situation was the result of the conviction of financial institutions that cybercriminals are only interested in Internet banking systems. Yes, of course it is, but attacks on ATMs significantly shorten the path to money and, therefore, cannot but attract the attention of carders.”
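The message authentication mentioned above for the link between the ATM and the processing center, shown from the terminal's side as an added example that is not part of the original post or of any vendor's code. It assumes a constructed JSON message layout, constructed field names and HMAC-SHA-256 as a stand-in; real xDC protocols define their own message format and MAC algorithm.

```python
import hashlib
import hmac
import json


def sign(key: bytes, body: dict) -> dict:
    """Host side: attach a MAC computed over a canonical encoding of the body."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body, "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}


class Terminal:
    """ATM side: act on a host message only if the MAC verifies and it is fresh."""

    def __init__(self, key: bytes, terminal_id: str):
        self.key = key
        self.terminal_id = terminal_id
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, msg: dict) -> tuple[bool, str]:
        body, mac = msg.get("body"), msg.get("mac")
        if not isinstance(body, dict) or not isinstance(mac, str):
            return False, "malformed"
        expected = sign(self.key, body)["mac"]
        # Constant-time comparison; a host without the shared key fails here.
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False, "bad-mac"
        if body.get("terminal") != self.terminal_id:
            return False, "wrong-terminal"
        seq = body.get("seq")
        # A validly signed but previously seen message is a replay.
        if not isinstance(seq, int) or seq <= self.last_seq:
            return False, "replay"
        self.last_seq = seq
        return True, "ok"


def demo() -> list[str]:
    key = b"constructed-demo-key"  # constructed sample value, not a real key
    atm = Terminal(key, "ATM-0001")
    base = {"terminal": "ATM-0001", "seq": 1, "cmd": "AUTH_REPLY", "amount": 100}
    genuine = sign(key, base)
    # Message from a host that does not hold the shared key.
    unkeyed = sign(b"some-other-key", {**base, "seq": 2, "amount": 4000})
    # Genuine MAC reused on a modified body.
    altered = {"body": {**base, "seq": 2, "amount": 4000}, "mac": genuine["mac"]}
    return [atm.accept(m)[1] for m in (genuine, unkeyed, altered, genuine)]


if __name__ == "__main__":
    print(demo())
```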