This is the last installment in a three-part series on ATM security. If you have not read my first two blogs or want to take another look at them, you can revisit part one on physical security and part two on data security.
In my last blog I looked at the potential consequences of data attacks that do not create the visible destruction of physical attack scenarios but still have detrimental effects on all parties affected. This can also be said for cyberattacks – especially those that take place remotely. Attackers no longer even need to be in the same vicinity as their target; a challenge for those of us aiming to protect financial institutions.
But first, what is cybersecurity? It is defined as the protection of computer systems and networks from information disclosure, theft of, or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. There are several subcategories like network security, information security, and many others, but what is concerning is the rising number of attacks across the globe. Accenture found a 31% increase in the average number of cyberattacks per company between 2020 and 2021. And it is not just the frequency that’s concerning. Cyberattacks have continuously become more sophisticated – morphing into what can be referred to as cyberwarfare that aims at disrupting the critical infrastructure of its targets – of which the access to cash and thus the ATM are a part.
Mind you, it does not even have to be on a national scale: all fraud and security incidents aimed at gaining physical and/or digital access to the systems and communications data and the ATM cash are considered cyberattacks at the ATM. In the past the main target was user data, but with the development and expansion of devices that are connected to the Internet of Things (IoT), hackers can now also gain the ability to operate IoT connected devices remotely or shut them off. For example, in 2018 a coordinated malware attack succeeded in making ATMs in 28 countries dispense a total amount of $13.5 million without authorization.
So, why not build ATMs that are completely cut off from any network? Unfortunately, this is easier said than done. Visions of future ATMs specifically include this connectivity, and there are good reasons for that. The demand for a more connected and more integrated banking experience is strong, and the higher connectivity also improves monitoring while lowering costs considerably. This means users, staff, deployers and financial institutions all benefit from more connected ATM fleets. The added convenience and efficiency are just too great to pass up.
Additionally, access from external hackers is not the only issue. Attacks may also come from within a financial institution. There is the less sinister possibility of staff members leaving weaknesses by accident or out of negligence, which can then be exploited by attackers, but it is also possible that an employee decides to go rogue and misuse their access for personal gain. As such, user management is also an important topic when we talk about cybersecurity.
Consequently, an effective cybersecurity strategy is necessary to secure the self-service channel. As with all attack types, the key is a comprehensive multi-layer strategy to ward against possible attack scenarios. However, cybersecurity – despite the possibility of remote attacks – is not one size fits all, and a careful assessment of the risk landscape should create the base for any security strategy.
Consider that some cyberattacks, like black box attacks, do require access to the head compartment of the ATM. To prevent these, the physical protections that we have looked at before are an effective deterrent:
A reinforced chassis to make access more difficult and time-consuming.
A surveillance system to alert authorities quickly.
An advanced alarm system with multiple sensors to detect attacks sooner.
As we have already explored with cyberattacks, physical access is not the only way attackers can manipulate the ATM. Protecting the software on the ATM from manipulation is just as important. With zero-trust-based, purpose-built products you can secure your ATM fleet. To this end Diebold Nixdorf has developed its Vynamic® Security Suite:
Vynamic Security Intrusion Protection: No organization is free from vulnerability, which allows the perpetrators to launch attacks that could infiltrate a self-service environment. Vynamic Security Intrusion Protection delivers protection against known and unknown – ZeroDay – attacks. By following modern security approaches, and implementing sandboxing procedures that go beyond traditional whitelisting, security can be greatly improved.
Vynamic Security Access Protection: Over-permissive services or users, or security loopholes in the standard Windows® logon process can potentially create a security exposure, disruption of service, or adversely impact an organization's reputation. Prevent tampering, data misuse and unauthorized access, and ensure that Windows-based devices run smoothly. It is critical that financial institutions and retail organizations set up appropriate access mechanisms and safeguards.
Vynamic Security Hard Disc Encryption: In some attack scenarios criminals steal the hard disk of the self-service device. By doing so they gain access not only to so-called “branded” information, but also to the device’s software stack, making it possible to reverse engineer the protections and circumvent them. Another scenario is copying malicious software onto the hard disk and replacing it. Vynamic Security Hard Disc Encryption will help you make sure no tampering is possible.
It is an unfortunate truth that no protection will ever be 100% secure forever – attack scenarios evolve, and attackers are nothing if not creative. Therefore, it is essential to always have the most recent version of drivers and software installed to close any loopholes that may be found. Staying up to date in a world that moves as quickly as that of cybersecurity can be a challenge – especially when it is not part of the daily business. But again, there are ways to ease the burden: Vynamic View BIOS manager prevents issues with PCI compliance, as well as both intentional and accidental fraud, by keeping the integrity of the boot process and ensuring that unauthorized malicious software is unable to run.
As you can see, reliable solutions for protecting ATMs from cyberattacks already exist. A layered approach to protect your assets from all sides is the key for gaining peace of mind – against all attack scenarios. It’s critical to continuously stay ahead of criminals by keeping devices and software up to date. Some financial institutions even decide to outsource the management and upkeep of their security systems to be able to focus on their core business.
For the best possible protection, it is key to combine the most secure ATM with the most effective software portfolio on the market: DN Series™ ATMs are more integrated and are purpose-built for the API-driven, mobile-first world we already live in. Apart from being equipped with the most comprehensive base layer of protection in the industry, DN Series was designed with our Vynamic Software Portfolio and specifically our Vynamic Security Suite in mind – making full use of its capabilities for the strongest possible protection available in the industry. By combining DN Series with the full Vynamic Security Suite you create the industry’s most secure full-stack ATM security.
If you want to take a more detailed look at your own security and risk landscape, let’s connect to evaluate which additional measures or upgrades would improve the security of your ATM fleet – against all kinds of attacks – so you can keep your people, your brand, and your assets secure.