Assessing the current cybersecurity landscape: Cyber-attacks targeting banks
In our current digital age, banks are able to offer a variety of benefits and plenty of app-based services to customers. That said, new technology innovations are also enlarging the attack surface for new kinds of cyber-attacks, which in turn limits the effectiveness of potential countermeasures and security solutions.
Therefore, there is an imperative need (now more than ever) to stay ahead of the game by pre-empting new forms of attack so that evolving technologies can be put in place before any changing risks can occur. This is especially true given the intricacy of the ATM ecosystem, with its heterogeneous hardware and software that are both expensive and difficult to update. As ATMs and customer touchpoints need to be available 24/7, financial organisations typically do not have the latest security policies in place, nor a centralised view of their attack surface. It is critical that banks strike the balance between software deployment and hardware maintenance, whilst simultaneously keeping control of changes in software and hardware and ensuring they are as secure as possible.
Taking a deep-dive into the current cybersecurity landscape in the financial services sector, ATMs and the central servers that control them have become a popular target for cyber-attacks. The pressing issue is growing worldwide: 58.16% of respondents to the ATMIA Global Fraud and Security Survey 2019 reported that ATM attacks, covering both physical security breaches and fraud incidents, had increased over the latest year (compared to 53.85% in 2017). These types of ATM fraud attacks can be distinguished as follows:
- Data fraud – derived from breaches of data such as account numbers, PIN codes, and other personal data
- Cyber fraud – logical attacks on the systems and communications
There has been a rise in cyber-attacks that exploit the physical- and software-based vulnerabilities of ATMs to obtain cash, known as ‘jackpotting’, as it results in an immediate reward. Over the last five years, financial organisations have already lost millions to jackpotting. For example, the Ploutus family of ATM malware has caused losses of over 450 million dollars (€398 million) across the globe.
ATMs fall victim to both physical and logical attacks for several reasons, such as the fact that the physical cash inside acts as an incentive. Plus, cash machines store confidential information, like debit card numbers and PIN codes, which can be stolen and sold. As ATMs are not strictly surveilled, they become an appealing target – there is very little logical action taken to protect the data in them. On top of that, cyber-criminals also realise that an ATM network’s legacy hardware and software make it one of the weakest links in a bank’s security infrastructure. This is due to the high cost of IT upgrades and tricky installations, which leads to insecure systems that can be easily exploited.
In addition, be aware that the numerous actors responsible for ATM upkeep that have administration rights pose a real risk of insider threat, which involves employees from the financial institutions, service
Cyber-adversaries typically attack ATMs via the ‘XFS layer’, which is a standard interface designed to allow multivendor software to run on manufacturers’ ATMs, as well as other hardware. Although the layer uses standard APIs to communicate with self-service applications, there is actually no standard means of secure authentication available, which makes it easy for cyber-criminals to exploit this vulnerability. Cyber-attackers deploy malware into banking touchpoints, such as ATMs, to dupe them into activating ‘cash out’ commands and dispensing money. Likewise, the card reader may also be compromised – fraudsters are able to steal card numbers and track the PIN pad to copy PIN numbers, making the XFS layer a very attractive target.
Standard endpoint protection security, such as anti-malware technology, is not enough to protect consumers and financial institutions. Cash machine networks and systems are core to the infrastructure devices – they need to be available 24/7, and so they require added protection and a personalised approach. Financial institutions require a centralised security solution that protects, monitors, and controls all ATM networks from a central location. This allows the organisations to manage and oversee their entire banking asset network in one place and take appropriate action, such as preventing malware spreading throughout
Innovative technology solutions are invaluable to financial institutions’ cybersecurity protection as they are both time- and cost-effective. ATM and infrastructure management can now be centralised into a single hub and actions can be executed remotely to quickly establish new defences, via techniques including network segmentation and the implementation of new firewalls.
It is crucial that banks have several layers of protection available in one single platform – the layers could include full disk encryption, application whitelisting, hardware protection, and file system integrity protection. In order to check the security plans and processes, banks will need to enlist the help of specialised security consultancies. Indeed, financial organisations are making a concerted effort to enhance and modernise their security landscape, but cyber-criminals are constantly finding new methods of attack. As the threat environment is evolving and advancing non-stop, banks have to be proactive in implementing and testing their cyber-defences.
Therefore, awareness of the threat landscape is essential for understanding what could be potentially exploited and utilised by cyber-criminals. If banks fail to do this, they massively increase their chances of experiencing security breaches, loss of sensitive customer data, and of course stolen cash.
Elida Policastro, Regional VP, Cybersecurity Division, Auriga
Sources:
1. https://www.atmia.com/news/atmias-atm-securityassociation-releases-global-fraud-and-security-surveyresults/9521/
2. https://www.zingbox.com/blog/ploutus-d-malware-turnsatms-into-iot-devices/