Protecting ATMs from cyber fraud and hacking.
A guaranteed security solution for all types of ATM systems.
According to the ATM Industry Association (ATMIA), the level of “sophisticated” cyber threats against ATMs systems ranked third after traditional threats such as skimming and physical attacks on ATMs.
Since 2014, there has been a steady increase in the variety of cyber attacks on ATMs using specialized malware, and has become widespread in terms of both the number of attacks and the geography of their execution.
Terminal-Related Fraud attacks alone (terminal-related attacks involving skimmers and cancellation fraud) generate criminals between € 250 million and € 350 million a year in Europe.
Works on legacy operating systems such as Windows XP with over 10,000 known vulnerabilities. All vulnerabilities found after the end of support will forever remain "zero-day vulnerabilities".
Working with outdated software. For example, criminals can hack a system through the outdated Adobe Flash Player with already known 9 thousand bugs, or in tools for remote device control, etc.
Lack of additional encryption of data transmitted between the ATM and the processing center, and / or the Message Authentication Code value in transaction requests and responses, etc.
The ATM operating system does not have software integrity control, the system is not protected by antivirus, and it does not provide a mechanism for authorizing applications that send a command to issue cash.
The modules inside the ATMs are connected to each other using standard interfaces such as COM and USB. Sometimes some of them can be accessed from outside.
Weak protection of the main PCs in banking networks for connecting ATMs to the processing centers of banks, which is why remote attacks on the whole ATM network via the Internet are possible.
Unlike technically sophisticated attacks on the IT infrastructure of banks, carried out by an organized group of professionals with a high level of knowledge and lengthy training, attacks directly on ATMs are carried out usually sporadically.
Criminals in such cases are often loners or chaotically assembled small groups who, after such attacks, "lie low" or disband. This shows the useless protection of ATMs using classical methods, and the only way to resist such targeted attacks is to install “smart” protection systems on each ATM of the constantly expanding banking network.
One-off methods of protection will not help banks resist such hacks. Security assurance is a constant process that needs to be adjusted, improved, "tightened up". After all, as in other areas of cybercrime, attackers are constantly improving and developing their skills in infecting ATMs.
To protect against cyber attacks on ATM systems, Cyber Security Group offers high-tech "Mount" software designed to protect ATMs from various attacks aimed at unauthorized disbursement of funds.
"Mount" from Cyber Security Group provides:
Integration of "Mount" with specialized software allows you to control its integrity, establish protection against changes in program code and data stored locally, including temporary application files.
"Mount" is a complex software product containing all the necessary set of elements for full protection of ATM software without the need to install or purchase of other modules and components.
Our product is optimal for protecting self-service devices using both low and high speed communication channels.
To ensure cyber security, it is necessary to assess the level of risks associated with the use of certain families of ATMs, the compliance of their software and hardware systems with the modern requirements of manufacturers and international security standards.
Further, CSG specialists conduct a comprehensive security audit of the ATMs park, including:
The purpose of these works is to identify areas at risk of security breaches and develop measures to reduce financial losses from fraudulent activities using ATMs, as well as to increase the protection of the banking network from attacks directed from the ATM network..
The solution of the following tasks guarantees the achievement of the specified goal:
The duration and cost of such services directly depends on the number and ramification of the ATM fleet, operating modes of ATMs, and the quality of the entire network.
Security audit of the ATM network allows assessing the current level of security and determining further steps to improve the security level by eliminating the identified vulnerabilities.
With Cyber Security Group "Mount" as a Service, you can choose the type of deployment that best suits your business priorities and budget.
We have an individual approach to each client, so we always find a profitable option for your protection.