Pakistan Information Technology.

Defending against fraud and cyberattacks is not an easy task for banks; but new technologies and strategies, including runtime application self-protection (RASP), behavioral biometrics and machine-learning-based analytics, are allowing financial institutions to reduce their fraud losses while enhancing their customer experience.

    Explore today's threat landscape;
    Share fraud trends revealed from recent analyst surveys;
    Provide best practices for reducing fraud through intelligent authentication.

Attendees will walk away with perspective about what they should be doing to build trust, expand the services they offer through digital and mobile channels, and improve customer experience.

Criminals in Mexico have added endoscopes to their ATM-attack toolkits. The technology, originally developed 150 years ago to help doctors look inside bodies, and later updated with lights and cameras, is now being used to trick ATM sensors into dispensing all of their funds, manufacturer NCR warns.

See Also: Addressing the Identity Risk Factor in the Age of 'Need It Now'

NCR says it's so far seen the technology used only in Mexico as part of an attack campaign involving black boxes, which get plugged into a cash machine and instruct it to dispense cash on demand in what is referred to as a jackpotting or cash-out attack.

So far, at least one of these attacks was successful, NCR says, noting that attackers were able to gain physical access to the device. "In this new attack, free-standing ATM models were targeted," according to a Friday alert issued by NCR. "Criminals accessed the top box to connect a black box controller. Additionally, criminals opened the ATM front door and removed the dispenser shutter to provide physical access to the safe."
USB endoscope; not suitable for medical use. (Photo: Finn Årup Nielsen)

NCR's alert adds: "Endoscope technology was then inserted through the cash exit opening in the safe to manipulate sensors in the dispenser to simulate physical authentication." This bogus authentication allowed the black box to instruct the ATM to dispense cash, it adds.

Security experts have long warned that all ATMs should be installed in well-monitored locations and ATM enclosures well secured and alarmed, because attackers who are able to gain physical access to the inside of an ATM enclosure can wage ATM attacks, although other attack techniques are also available (see Attackers 'Hack' ATM Security with Explosives).
Emergency Firmware Update Issued

Since discovering the black box attack that uses an endoscope, NCR has created an emergency firmware update that appears to block the attack in full. "We have not seen any successful attacks on units with the updated firmware," NCR says, adding that "any customer who may be concerned about an immediate threat of black box [attacks]" should contact it directly to receive a copy of the new firmware

But NCR says that all ATMs must also comply with NCR's "level 3" dispenser protection guidelines, which defend against black box attacks by encrypting internal communications.

"Encrypting the communications between the ATM core and the dispenser will prevent black box attacks," NCR's guidance states. "If attackers attempt to send commands to the dispenser directly, the dispenser will recognize these commands as invalid. Only commands from the ATM software stack will be authenticated and processed by the dispenser."

ATMs that do not comply with these guidelines will remain at risk from black box attacks, even if ATM deployers install the emergency firmware update, NCR warns.
Full Update Coming Soon

NCR says the updated firmware will be part of a general update that it plans to release in three months. "NCR will release a general global update for the currency dispenser in January 2018 which will contain enhancements to the physical authentication options," it says. "This update will be included in all future releases of NCR APTRA XFS platform software."

Some older ATMs from NCR, however, will not get a firmware fix. "This update is not applicable to Personas ATMs due to limitations in the capabilities of this older technology," NCR says. It recommends that customers "plan a migration to newer models of ATMs to ensure they are able to deploy the most current security solutions."
Black Box Attacks Surge in Europe

The warning over black box attacks being paired with endoscopes in Mexico comes as the European Association for Secure Transactions, or EAST, warns that in the first six months of the year, black box attacks have surged, at least in Europe.

In the first half of this year, there were 114 black box attacks reported against ATMs in Europe, it says. This represents a three-fold increase from the 28 attacks reported during the same period in 2016.

EAST's data comes via authorities in 21 countries: Austria, Belgium, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Ireland, Italy, Liechtenstein, Luxembourg, Netherlands, Norway, Portugal, Romania, Spain, Sweden, Switzerland, United Kingdom. Those countries have a collective installed base of more than 373,000 ATMs.