Hampering the ATM software with logical attacks

Tampering with the ATM software is considered a logical ATM attack. Logical attacks allow cyber-criminals to alter the ATM software. The cyber-criminals use external malware or electronic devices to conduct logical ATM attacks and gain physical access to the cash dispenser. Once the criminal gains access to the cash dispenser, they can steal money from the ATM. The process is also called jackpotting or cash out.

Cyber-criminals who tamper with the ATM software generally collect the card details of ATM users to prepare fake credit and debit cards. The duplicate credit and debit cards are later used to carry out fraud at point-of-sale terminals. Criminals intent on tampering with the ATM software look for new ways to gain access to card data or cash. Therefore, it is essential to upgrade the ATM software regularly to stop logical attacks on ATMs.

Various logical attacks on ATM software are as follows.

Man-in-the-middle attack

Man-in-the-middle attacks focus on the communication between the host and the ATM PC. Man-in-the-middle malware can fake the host response for transactions without debiting money from the account. The malware is installed remotely within the network or at the highest software layer of the ATM PC.

Data Sniffing Attacks

In data sniffing attacks, the malware can only operate on specific operating systems. The malware installed on the ATM records the magnetic stripe information of the card. The cyber-criminals then use this information to conduct illegal activities.

Skimming with Spoofing

The cyber-criminals combine two ATM cyber-attacks, namely skimming and spoofing, to conduct the ATM attacks. They gain user information through skimming, and later make spoofed phone calls to the users to collect other essential data.

Measures to identify logical attacks

•  Unexpected system reboots in the middle of transactions can turn out to be a sign of a malware attack.

•  A significant gap in the audit logs, where the transaction history record is missing, is a hint of logical attacks.

•  If the cash dispenser of the ATM runs out of cash unexpectedly within a short amount of time, it is another indication.

•  Loss of communications with the ATM security system and irregular recordings in the CCTV footage are signs of illegal activity.
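
As an added example (not part of the original article), the first three indicators above can be checked against an ATM journal as follows. The journal layout, the event names and both thresholds are assumptions, and the sample lines are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample journal; the "seq time event detail" layout is an assumption.
SAMPLE_JOURNAL = """\
101 2024-03-01T02:10:05 TXN_START id=9001
102 2024-03-01T02:10:40 DISPENSE notes=2
103 2024-03-01T02:10:45 TXN_END id=9001
104 2024-03-01T02:31:10 TXN_START id=9002
105 2024-03-01T02:31:30 BOOT -
109 2024-03-01T02:40:00 DISPENSE notes=40
110 2024-03-01T02:40:50 DISPENSE notes=40
111 2024-03-01T02:41:30 DISPENSE notes=40
112 2024-03-01T02:42:00 CASSETTE_EMPTY -
"""
WINDOW = timedelta(minutes=5)   # assumed sliding window for cash-out detection
MAX_NOTES_IN_WINDOW = 100       # assumed limit on notes dispensed per window


def find_indicators(journal):
    """Return (seq, indicator) tuples for the logical-attack signs listed above."""
    findings, open_txn, last_seq = [], None, None
    recent = deque()  # (timestamp, notes) dispensed inside the sliding window
    for line in journal.strip().splitlines():
        seq_s, ts_s, event, detail = line.split(maxsplit=3)
        seq, ts = int(seq_s), datetime.fromisoformat(ts_s)
        # Missing sequence numbers mean journal records were lost or removed.
        if last_seq is not None and seq != last_seq + 1:
            findings.append((seq, "audit_log_gap"))
        last_seq = seq
        if event == "TXN_START":
            open_txn = detail
        elif event == "TXN_END":
            open_txn = None
        elif event == "BOOT":
            # A boot while a transaction is still open is a mid-transaction reboot.
            if open_txn is not None:
                findings.append((seq, "reboot_mid_transaction"))
            open_txn = None
        elif event == "DISPENSE":
            # Keep only dispenses inside the window, then compare the total.
            recent.append((ts, int(detail.split("=")[1])))
            while ts - recent[0][0] > WINDOW:
                recent.popleft()
            if sum(n for _, n in recent) > MAX_NOTES_IN_WINDOW:
                findings.append((seq, "rapid_cash_out"))
    return findings
```

Each finding carries the journal sequence number at which the indicator was observed, so it can be correlated with CCTV footage and alarm-system records for the same time.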

Physical attacks on ATM

Physical attacks on ATMs are considered risky, as they not only lead to financial losses but also involve risk to property and life. Physical attacks include solid and gas explosive attacks, along with physical removal of the ATM from the site and later use of other techniques to gain access to the cash dispenser.

Gas attacks on ATM

Gas attacks on ATMs aim to break open the safe door. One variant involves attaching solid explosives to the outer side of the safe doors. Gas attacks can create serious social problems and collateral damage to the building and ATM equipment. In this type of attack, which relies on the combustion of gas or a solid explosive, the explosive charge is injected into the ATM safe and exploded inside it, breaking down the walls of the safe and giving criminals access to the cash. Solid explosives used in physical ATM attacks include dynamite, C4, power gel, and gelignite.

Criminals use various methods to introduce explosives inside the ATM through a depository or dispenser interface:

•  Breaking or bending the shutters of the ATM safe using tools, such as a crowbar, allows criminals to install explosives inside the ATM.

•  Cutting or drilling a hole in or beside the ATM shutters helps them to introduce the explosives.

•  Performing an ATM transaction opens the shutter of the ATM cash dispenser, which allows the criminals to introduce the explosive.

Ram raiding

A ram-raid ATM attack is an attempt to remove the ATM and its elements from its original location. Ram raids usually involve motor vehicles smashing into the ATM and ripping it from its place. Criminals generally prefer the early morning to conduct ram-raid attacks.

Replenishment attacks

A replenishment attack is a physical ATM attack in which ATMs are attacked for the cash when the staff opens the ATM safe to remove cassettes or when the ATM funds are transported in vehicles through insecure areas.

Measures to reduce physical attacks:

•  Introducing an audio alarm or screamer that detects gas attacks will notify the bank about irregular activities observed in the ATM.

•  A door swipe or keypad system installed on the doors of the ATM can ensure secure transactions.

•  ATMs located in remote areas can be supported by proper physical security.

•  A smoke/heat sensor can be installed inside the ATM to detect oxy-acetylene or burning bar attacks on ATMs.

•  CCTV and alarm monitoring will make it difficult for criminals to tamper with the ATM.

•  The penetration mats in the ATM should detect fascia or shutter damage.

•  Durable cable plugs in the ATM will stop the insertion of gas pipes and solid explosives.

•  Cladding or explosion absorbing elements can be introduced inside the ATM safe, to reduce the effect of gas attacks.

To protect your ATM network from fraud, the banking security experts at Netsentries have developed a series of hands-on vulnerability assessments that look at the entire ATM environment. We can identify software, hardware, and communication protocol vulnerabilities that can be exploited and provide remediation measures to effectively resolve them.


