- Joined
- May 15, 2016
- Messages
- 16,684
- Likes
- 2,644
- Points
- 1,730
In addition, as indicated in the Central Bank, in Russia, attacks of the blackbox type, as well as attempts of attacks of the “direct dispensation” type, are still recorded.
The blackbox attack usually begins with opening the front panel of the ATM and connecting some third-party device. Most often, such a device is an adapter - interface converter. The adapter via USB cable connects to a laptop computer. As a rule, it is inexpensive, second-hand netbooks that attackers do not mind throwing at the site of the attack. A remote administration program is installed on the computer, for example TeamViewer, with which an accomplice who is located at a distance (or an organizer) connects to a program that interacts with an ATM dispenser.
“From such impacts, it can additionally protect the inclusion of encryption of data transferred between the dispenser and the ATM system unit, but it is not always used on older ATMs or located in regions remote from the federal center,” the Central Bank notes.
According to the company Positive Technologies, which participated in the preparation of the review of the Central Bank, the main types of attacks that were recorded in Russia in 2018 are blackbox (implying the ability to directly connect your device to the dispenser, which is programmed to send commands for issuing bills) and access to ATM from inside the local network of the bank.
The results of the analysis of the security of ATMs, which was conducted in 2017-2018, show that 69% of ATMs are vulnerable to an attack like blackbox. The reason in 50% of cases is the use of insufficiently reliable encryption between the dispenser and the operating system, in another 19% the lack of protection measures against the blackbox.
It is also reported that access to the management of ATMs from the internal network during the tests was obtained in 25% of banks due to the low level of security in their internal network. In addition, interrogation of data from the magnetic strip of the card was possible in all the ATMs studied.
The blackbox attack usually begins with opening the front panel of the ATM and connecting some third-party device. Most often, such a device is an adapter - interface converter. The adapter via USB cable connects to a laptop computer. As a rule, it is inexpensive, second-hand netbooks that attackers do not mind throwing at the site of the attack. A remote administration program is installed on the computer, for example TeamViewer, with which an accomplice who is located at a distance (or an organizer) connects to a program that interacts with an ATM dispenser.
“From such impacts, it can additionally protect the inclusion of encryption of data transferred between the dispenser and the ATM system unit, but it is not always used on older ATMs or located in regions remote from the federal center,” the Central Bank notes.
According to the company Positive Technologies, which participated in the preparation of the review of the Central Bank, the main types of attacks that were recorded in Russia in 2018 are blackbox (implying the ability to directly connect your device to the dispenser, which is programmed to send commands for issuing bills) and access to ATM from inside the local network of the bank.
The results of the analysis of the security of ATMs, which was conducted in 2017-2018, show that 69% of ATMs are vulnerable to an attack like blackbox. The reason in 50% of cases is the use of insufficiently reliable encryption between the dispenser and the operating system, in another 19% the lack of protection measures against the blackbox.
It is also reported that access to the management of ATMs from the internal network during the tests was obtained in 25% of banks due to the low level of security in their internal network. In addition, interrogation of data from the magnetic strip of the card was possible in all the ATMs studied.