Protecting ATMs from cyber fraud and hacking.

A guaranteed security solution for all types of ATM systems.

Сrowbar is
Not Needed to
Hack ATM

According to the ATM Industry Association (ATMIA), the level of “sophisticated” cyber threats against ATMs systems ranked third after traditional threats such as skimming and physical attacks on ATMs.

Since 2014, there has been a steady increase in the variety of cyber attacks on ATMs using specialized malware, and has become widespread in terms of both the number of attacks and the geography of their execution.

Terminal-Related Fraud attacks alone (terminal-related attacks involving skimmers and cancellation fraud) generate criminals between € 250 million and € 350 million a year in Europe.

Modern ATMs have become an easy source of quick money for criminals. Below are just a few of the many possible causes of ATM hacking:

  • Installed old OS

    Works on legacy operating systems such as Windows XP with over 10,000 known vulnerabilities. All vulnerabilities found after the end of support will forever remain "zero-day vulnerabilities".

  • Installed old software

    Working with outdated software. For example, criminals can hack a system through the outdated Adobe Flash Player with already known 9 thousand bugs, or in tools for remote device control, etc.

  • Processing center vulnerability

    Lack of additional encryption of data transmitted between the ATM and the processing center, and / or the Message Authentication Code value in transaction requests and responses, etc.

  • No integrity control

    The ATM operating system does not have software integrity control, the system is not protected by antivirus, and it does not provide a mechanism for authorizing applications that send a command to issue cash.

  • Connecting modules

    The modules inside the ATMs are connected to each other using standard interfaces such as COM and USB. Sometimes some of them can be accessed from outside.

  • Internet communication

    Weak protection of the main PCs in banking networks for connecting ATMs to the processing centers of banks, which is why remote attacks on the whole ATM network via the Internet are possible.


Unlike technically sophisticated attacks on the IT infrastructure of banks, carried out by an organized group of professionals with a high level of knowledge and lengthy training, attacks directly on ATMs are carried out usually sporadically.

Criminals in such cases are often loners or chaotically assembled small groups who, after such attacks, "lie low" or disband. This shows the useless protection of ATMs using classical methods, and the only way to resist such targeted attacks is to install “smart” protection systems on each ATM of the constantly expanding banking network.

One-off methods of protection will not help banks resist such hacks. Security assurance is a constant process that needs to be adjusted, improved, "tightened up". After all, as in other areas of cybercrime, attackers are constantly improving and developing their skills in infecting ATMs.

In the video below, a Cyber Security Group specialist shows the bank employees one of the contactless ways to hack an ATM and receive all the cash. It takes seconds for attackers to do this.

ATM Protection
"Mount" System

To protect against cyber attacks on ATM systems, Cyber Security Group offers high-tech "Mount" software designed to protect ATMs from various attacks aimed at unauthorized disbursement of funds.

"Mount" from Cyber Security Group provides:

  • preventing unauthorized physical access to the ATM;
  • prohibition of third-party software installation;
  • making changes to the register;
  • connecting unreliable / extraneous devices (laptops, USB-drives, CD / DVD-drives, etc.);
  • flexible configuration of user rules for both individual applications and their groups;
  • own management system for deploying and changing control policies;
  • and much more.

Integration of "Mount" with specialized software allows you to control its integrity, establish protection against changes in program code and data stored locally, including temporary application files.

"Mount" is a complex software product containing all the necessary set of elements for full protection of ATM software without the need to install or purchase of other modules and components.

Our product is optimal for protecting self-service devices using both low and high speed communication channels.

How Cybersecurity Experts start implementing "Mount"

To ensure cyber security, it is necessary to assess the level of risks associated with the use of certain families of ATMs, the compliance of their software and hardware systems with the modern requirements of manufacturers and international security standards.

Further, CSG specialists conduct a comprehensive security audit of the ATMs park, including:

  • - an assessment of the cybersecurity of ATMs and the ATM network as a whole;
  • - checking the intended use of ATMs;
  • - verification of the capabilities of objective control systems;
  • - check of rapid response systems;
  • - determination of the levels of risks associated with any place of physical location of objects of the ATM-terminal network.

The purpose of these works is to identify areas at risk of security breaches and develop measures to reduce financial losses from fraudulent activities using ATMs, as well as to increase the protection of the banking network from attacks directed from the ATM network..

The solution of the following tasks guarantees the achievement of the specified goal:

  • performing a penetration test, which can be performed with little or no preliminary examination (for example, on a test sample, with a hard disk reference image);
  • penetration testing with full access to systems (ATM host penetration test);
  • assessment of compliance with vendor recommendations, ATMIA requirements, PCI DSS and PCI ATM security guidelines;
  • development of an action plan to eliminate identified vulnerabilities and inconsistencies;
  • development of necessary organizational and administrative documents (OAD), regulating policies, procedures and standards for ensuring the security of the ATM network;
  • implementation of information security tools necessary to ensure compliance with vendor recommendations, ATMIA and ATM security guidelines, and eliminate identified vulnerabilities;
  • assessment of the implementation of the action plan to eliminate the identified vulnerabilities and inconsistencies;
  • retesting to assess the effectiveness of the implemented measures and controls;
  • development of recommendations for further improvement of the ATM network protection system.

The duration and cost of such services directly depends on the number and ramification of the ATM fleet, operating modes of ATMs, and the quality of the entire network.

Security audit of the ATM network allows assessing the current level of security and determining further steps to improve the security level by eliminating the identified vulnerabilities.

See how we can help you to protect ATM.

a "Mount"

With Cyber Security Group "Mount" as a Service, you can choose the type of deployment that best suits your business priorities and budget.

We have an individual approach to each client, so we always find a profitable option for your protection.