Security

Blog: Security in the Shadows of COVID-19

November 09, 2020  |  B. SCOTT HARROFF

A global pandemic can really cause society to change. We’ve all witnessed this in our daily lives. But one thing has remained constant: Crime. While fraud comes in all shapes and sizes, during the pandemic, criminals switched up some of their tactics.

Once COVID-19 began its spread across the globe, stay-at-home orders were instituted, travel restrictions were in effect, and in-person ATM attacks actually dropped. Some network managers saw an almost 70% drop in the number of skimming devices reported from the first half of 2019 compared to the first half of 20201

In contrast, online, cyber-based attacks increased. We saw criminals also start to work from home as fraudsters took advantage of a health crisis and propagated many COVID/Coronavirus-based domains. In fact, there were over 4,000 Coronavirus domains created between January and March of this year, and about 8% of those were tagged as either “malicious” or “suspicious.” And that number doesn’t account for phishing-related scams and emails and targeting of virtual meetings. 

As we see economies reopen, stay-at-home orders expire, and travel restrictions lift, in-person fraud is beginning its uptick once again.

Ongoing Attack Vectors

Jackpotting attacks through a blackbox device or hard disk substitution continue to occur on outdated systems. Limited protections on the ATM’s PC and outdated encryption technology make these easy targets for trained crime rings.

Deep insert (M3/D3) skimmers continue to show up, with technology that’s so thin, it can be directly inserted into the card reader with no consumer ever knowing. Older anti-skimming technologies have been ill-equipped to detect or prevent such attacks. 

Severely damaging physical attacks, such as ram raid, j-hook, or chain pull attacks have been plaguing ATM operators. Extremely dangerous explosive attacks are happening once again and are appearing to affect countries which had not previously, such as the U.S., where Philadelphia, PA, saw a string of 50 explosive attacks occur across the city.

Modern Solutions

As we see criminals go back to their old ways, we’re maintaining our focus on stopping them. And that means arming clients with the best possible protections:

1. Ensuring that an attacker can’t attempt to open—or actually open—the door to the PC area is critical. Once in that area, the criminal has a variety of attack vectors at their disposal.  Once the alarm goes off, reaction time is everything, so adding premium alarming and surveillance can help alert authorities of an attack for the fastest possible response.
2. A smarter, stronger design of the ATM overall helps mitigate brute force attacks. Newer systems, which have a ‘cash-over-keypad’ design and note transport path that’s further back from the cash slot, help prevent j-hook, chain pull and other physical attacks from allowing criminals to successfully gain access to cash inside the safe. 
3. Hard disk drive encryption and correctly configuring the dispenser is the best solution to prevent hard drive jackpotting attacks. AES 256 bit encryption protocol running on all critical modules is a basic step in preventing communication manipulation. With newer ATMs, such as DN Series™, this is standard on more components than ever before. Changing or manipulating the code on the resident PC is what makes jackpot attacks successful. If the information is encrypted, then criminals’ chances are greatly reduced, if not eliminated.
4. Security managed services also allow for additional protection that’s always-on. Have peace-of-mind your ATM fleet is being monitored by a network of thousands of professionals, 24/7. Never worry about making sure your fleet has the latest hard disk encryption, firmware, or security software version, because it’s already taken care of through automatic updates.
5. Newer anti-skimming technology, like that found in all DN Series models, has minimized the space inside the card reader itself and offers the added benefit of intelligent sensors that can detect if foreign objects have been inserted for too long. Those features, along with encryption on communication transmission of all cardholder data, are all effective solutions to prevent more modern deep insert (M3/D3) internal skimmers and eavesdropping attacks. Premium protections, such as Diebold Nixdorf's ActivEdge, with its unique encrypted moving read head, also lead the industry in protecting against skimming attacks and keeping cardholder data safe.
6. Set up additional layers of protection. This means implementation of intrusion detection and prevention software, host-based firewall, monitoring software, TLS and Message Authentication Code, and creating a security policy with standards and protocols on what to do to prevent an attack and how to react if an attack occurs.

Whether it’s when the whole world has essentially stopped or when we’re back to ‘normal’ again, fraud and criminal activity will always happen. So be prepared, implement solutions to defend your network, have a security policy and plan, test it, and consult the experts. Diebold Nixdorf can help evaluate the security of your self-service network and determine if it makes the grade or requires some beefing up.

Contact us today to schedule a consultation or learn more about self-service security solutions.

1 Data obtained from local, state, and federal law enforcement agencies.

Let's Connect

I am interested in Go