• Understanding Cyber-Attacks on Banks and the Current Cybersecurity Landscape

    What is the current cybersecurity landscape in banking? ATMs and the central servers that control them have become a popular target for cyber-attacks, and this pressing issue is growing worldwide. In the ATMIA Global Fraud and Security Survey 2019, 58.16% of respondents said that ATM attacks, which include both physical security breaches and fraud incidents, had increased over the previous year (compared to the 2017 figure of 53.85%).

    Such ATM fraud attacks can be divided into:

    • Data fraud, resulting from breaches of data such as account numbers, PIN codes, and other
      personal data
    • Physical fraud, consisting of the theft of valuable assets, such as cash, by stealing cards
    • Cyber fraud – logical attacks on systems and communications

    An increasingly popular form of cyber-attack is ‘jackpotting’: exploiting the physical and
    software-based vulnerabilities of ATMs to get cash. It is attractive because it results in an
    immediate reward. In just the last five years, financial organisations have lost millions to
    jackpotting. The Ploutus family of ATM malware alone, which originally appeared in Mexico in
    2013, has caused losses of over 450 million dollars (€398 million) around the world.

    Elida Policastro, Regional VP of the Cybersecurity division at Auriga, analyses the current cybersecurity landscape and what banks can do to protect their ATM systems from cyber-attacks.

    The current era of digital banking offers customers many benefits, such as a variety of app-based services. However, evolving technologies increase both the risk of new kinds of cyber-attack and the effectiveness of potential countermeasures and security solutions. Hence, there’s a need to stay ahead of the game by anticipating new methods of attack so that innovative solutions can be put in place in time to minimise those changing risks. In particular, the ATM ecosystem is complex, with heterogeneous hardware and software that is expensive and difficult to update – ATMs and customer touchpoints need to be available 24/7. Because of this, financial organisations usually don’t have the latest security policies in place, nor a centralised view of their attack surface. It is imperative that they balance software deployment and hardware maintenance with keeping control of changes to software and hardware and ensuring these are as secure as possible.

    ATMs are subject to both physical and logical attacks for a number of reasons: one is that the
    physical cash inside acts as an incentive, and another is that cash machines contain confidential
    information like debit card numbers and PIN codes, which can be stolen and sold. ATMs are also
    appealing to attackers because they are often poorly monitored – little logical action is taken to
    protect the data in them. In addition, cyber-criminals have realised that ATM networks are one
    of the weakest links in a bank’s security infrastructure, because they contain a lot of legacy
    hardware and software. This is due to the high cost of upgrades and the difficulty of
    installing them. Unfortunately, this results in insecure systems that can be easily exploited.
    On top of all of that, there are a lot of actors responsible for ATM upkeep that have administration
    rights, including employees from the financial institutions, service providers, developers and
    installers, meaning there is a real risk of insider threat.

    One of the main ways cyber adversaries attack ATMs is via the ‘XFS layer’, a standard interface
    designed to let multivendor software run on manufacturers’ ATMs and other hardware. While
    the XFS layer uses standard APIs to communicate with self-service applications, no standard
    secure authentication mechanism comes with it, making it easy for cyber-criminals to exploit
    this weakness. Cyber-attackers can, therefore, deploy malware into banking touchpoints such as
    cash machines to trick them into issuing ‘cash out’ commands and dispensing money. The card
    reader may also be compromised, making it possible to steal card numbers and to track the PIN
    pad to learn PIN numbers, which makes the XFS layer a very attractive target. The importance of
    cybersecurity in banking is therefore only going to increase.

    When it comes to ATMs, typical endpoint protection security such as anti-malware technology is just
    not enough. ATM networks and systems are critical infrastructure devices – they need to be
    constantly available and so they require greater protection and a different approach. Financial
    institutions need a centralised security solution that protects, monitors, and controls ATM networks
    from a central location so they can manage their entire banking asset network in one place and take
    appropriate action, such as stopping malware spreading throughout the network from infected
    ATMs.

    Such modern technology solutions not only provide invaluable cybersecurity protection – they can
    also save banking organisations time and money, as ATM and infrastructure management is
    centralised into a single hub and actions can be executed remotely to quickly establish new defences
    via techniques such as network segmentation or implementing new firewalls.
    It is particularly important for banks to have several layers of protection in one single platform. Such
    layers could involve full disk encryption, application whitelisting, hardware protection and file
    integrity protection. To check their security plans and processes, banks should be assessed by
    specialised security consultancies. Although financial organisations are making a concerted effort to
    improve their security landscape, cyber-criminals are continuing to innovate their attacks, so the
    threat environment keeps evolving and advancing. As a result, organisations have to
    be constantly proactive in implementing and testing their cyber-defences.

    Cyber Threat Intelligence (CTI) can be used as an early warning system to detect and contain
    potential threats before they become incidents. This intelligence is essential for any business as
    cybersecurity threats become increasingly indiscriminate. Once organisations become aware of any relevant
    threats and vulnerabilities, then they will begin to understand where and how these can be
    exploited, as well as the impact this may have on both the business and individuals. Awareness of
    the threat landscape is vital for banks to understand what could be exploited and utilised for future
    cyber-attacks. If they don’t, they open themselves up to the very real possibility of experiencing
    security breaches, loss of sensitive customer data and of course stolen cash.

    The post Understanding Cyber-Attacks on Banks and the Current Cybersecurity Landscape appeared first on The Fintech Times.
