
The Expanding PKfail Vulnerability in Secure Boot and Its Alarming Impact

 

The PKfail vulnerability in Secure Boot has grown into a far-reaching security threat, affecting thousands of devices across multiple sectors. Originally believed to be a limited issue, it arises from manufacturers releasing hardware with known compromised software, allowing unauthorized software to bypass Secure Boot encryption. Even after the initial leak of the Secure Boot encryption code in 2022, manufacturers continued to distribute devices with compromised security, and some even included warnings like “DO NOT TRUST” in the firmware. 

The original discovery indicated that devices from top manufacturers such as Dell, Acer, and Intel were compromised. However, recent investigations have expanded the list to include other major brands like Fujitsu, Supermicro, and niche producers like Beelink and Minisforum. Alarmingly, the list of impacted devices has grown to nearly four times its original size, now encompassing around a thousand models of laptops, desktops, and other x86-based hardware. What’s more concerning is that the PKfail vulnerability isn’t limited to standard consumer devices. It extends to enterprise servers, point-of-sale systems, gaming consoles, ATMs, and even medical and voting machines. 

These revelations indicate that the Secure Boot vulnerability has a much wider reach, exposing critical infrastructure to potential attacks. According to Binarly’s detection tool, this breach affects numerous industries, making it a significant cybersecurity risk. The challenge of exploiting Secure Boot remotely is substantial, often requiring advanced skills and resources, making it a tool primarily used by hackers targeting high-profile individuals or organizations. It’s particularly relevant for high-net-worth individuals, government agencies, and large corporations that are more likely to be the targets of such sophisticated attacks. 

State-sponsored hackers, in particular, could leverage this vulnerability to gain unauthorized access to confidential data or to disrupt critical operations. Addressing the PKfail vulnerability requires immediate action, both from manufacturers and end-users. Device manufacturers must issue firmware updates and improve their security practices to ensure their hardware is protected against such threats. Meanwhile, organizations and individual users should regularly check for software updates, apply patches, and implement stringent cybersecurity measures to minimize the risk of exploitation. 

The PKfail incident underscores the critical importance of cybersecurity vigilance and reinforces the need for robust protection measures. As cyber threats continue to evolve, organizations and individuals alike must stay informed and prepared to defend against vulnerabilities like PKfail.

Bitcoin ATM Emerges as Major Threat to Cryptocurrency

 


There is an ominous growth in Bitcoin ATMs across the United States, and some experts have claimed they are also one of the biggest cybercrime threats to the country. Bitcoin ATMs share a few characteristics with their cash counterparts: there are PINs to punch, and there are withdrawal fees as well. 

However, unlike cash ATMs, crypto ATMs have a high value, making them prime targets for hackers who are looking for ways to steal data. The problem is that whereas the location of a cash ATM at a gas station may not draw much attention, the location of a Bitcoin ATM gets more scrutiny from fraudulent individuals. The UK's National Crime Agency has reported in an article published by CNBC on September 8 that Bitcoin ATMs have proven to be one of the most popular ways for individuals to buy and sell cryptocurrencies, although they have additionally evolved into a prime target for hackers and scammers. 

There is no difference in the operation of these machines from traditional ATMs; however, thanks to the significant value of cryptocurrencies, they can be very attractive to cybercriminals, who will exploit both physical and digital vulnerabilities to their advantage. According to Timothy Bates, an assistant professor of cybersecurity at the University of Michigan, these machines are especially vulnerable to hacking due to the lack of security measures that are often part of the software used in these devices. 

According to Bates, Bitcoin ATMs can be infected by malware, which allows hackers to steal private keys and manipulate transactions. As well as this, an ATM can be compromised as a result of weaknesses in network security, which may allow criminals to intercept communications between the ATM and its server, potentially allowing data theft to take place. 

It is especially concerning for ATMs that may not receive regular updates or security patches to prevent hackers from stealing funds or capturing private keys. Network security is another weak point: if the ATM's network communications are not adequately secured, attackers can intercept them. Consequently, stolen data can be accessed or the server could be accessed by unauthorized persons, Bates explained. 

Bitcoin ATMs need to be taken seriously because of the threat posed by both hackers and scammers. Since 2020, according to a report released by the Federal Trade Commission this week, the number of scamming incidents has increased by 1,000%. In a curious twist, the risks associated with Bitcoin ATMs are directly proportional to their strengths, according to Joe Dobson, the principal analyst at Mandiant, which is owned by Google Cloud and a company that specializes in cybersecurity. 

There are three main characteristics of Bitcoin: decentralization, permissionlessness, and immutability. There is no way to reverse a transaction if funds are deposited to the wrong address, according to Dobson. Although many crypto bulls are attracted to Bitcoin because of its decentralization and lack of governance, it is a problem when used in ATMs. "There are no regulations in the Bitcoin community that dictate who can run a Bitcoin ATM and who cannot, so independent organizations operate Bitcoin ATMs without any interference from the Bitcoin community," said Dobson. 

In addition to this, some old criminal tricks might be reversible in a traditional banking system, but not so in the Bitcoin world, which comes with its own set of unique challenges. It is possible for someone, for instance, to maliciously place their deposit slips into the bank stack, which can lead to folks being tricked into depositing money into their accounts unknowingly. According to Dobson, "there is the possibility that Bitcoin ATMs could also be subject to a similar attack." 

According to Dobson, "If an attacker compromises an ATM, they will be able to change the recipient wallet address (or "account number"), which in turn will steal the money of the user." Bitcoin ATMs, however, do not only perpetuate old tricks; they also introduce newer threats that are not encountered by cash ATMs. Several Bitcoin ATMs require that users provide personally identifiable information, such as their ID number or even their Social Security number, to satisfy "Know Your Customer (KYC)" requirements that are necessary in the financial industry. 

Depending on the level of security that exists on a Bitcoin ATM, this information could be at risk. The Middletown Food Mart, located on the fringes of the town, in a hollowed-out section of the town near the town's main road, has a Bitcoin Depot ATM running alongside a regular cash machine, which blends in with the potato chips, bottled water, and beer on sale. 

Those who live in Middletown know that it is the hometown of Donald Trump's running mate, Ohio Senator J.D. Vance, who, similar to Trump, has refashioned himself as a crypto-advocate and has been speaking out against the adoption of Bitcoin. The Middletown Food Mart is just a few blocks from where Vance grew up. Among the best ways to avoid these scams is to be cautious and sceptical about any request to make a payment through a Bitcoin ATM. Legitimate businesses will rarely, if ever, request payment in Bitcoin via a machine for their services. 

"During a transaction, users must verify the validity of the transaction, particularly checking the recipient's wallet for references to questionable entities," Frei said, adding that an additional precaution can be taken by using licensed ATMs from reliable operators. 

Users can follow certain steps to make sure they are dealing with a Bitcoin ATM or counterparty that is legitimate and owned by someone reputable. Adding to his warning, Frei stressed the importance of being cautious and not sending bitcoins to unknown wallets. A platform like Chainabuse can help validate the legitimacy of a transaction by examining the risk score of the recipient's wallet. 

In the U.S., Bitcoin Depot operates over 8,000 ATMs, making it the country's largest operator of Bitcoin ATMs. Its chief executive, Brandon Mintz, assured CNBC that the company's software and hardware are designed to deter hackers, although he cautioned consumers not to fall victim to scams or be deceived by them. There seem to be just 10 operators worldwide who manage about 74% of ATMs in the world, as per Frei's analysis of data.

Ukraine Hacks ATMs Across Russia in Massive Cyberattack



On July 23, 2024, a massive cyberattack launched by Ukrainian hackers targeted Russian financial institutions, disrupting ATM services across the country. According to a source within Ukrainian intelligence, the attack is “gaining momentum” as it continues to cripple banking services. By July 27, the fifth day of the cyberattack, customers of several prominent Russian banks found themselves unable to withdraw cash. When attempting to use ATMs, their debit and credit cards were immediately blocked, leaving them stranded without access to their funds. 

The intelligence source, who provided written comments to the Kyiv Post, indicated that the attack had affected numerous banks, including Dom.RF, VTB Bank, Alfa-Bank, Sberbank, Raiffeisen Bank, RSHB Bank, Rosbank, Gazprombank, Tinkoff Bank, and iBank. The widespread disruption has caused significant inconvenience for customers and highlighted vulnerabilities within Russia’s financial infrastructure. The source in Ukrainian intelligence mocked the situation, suggesting that the Kremlin’s long-desired “import substitution” might now include reverting to wooden abacuses, paper savings books, and cave paintings for accounting. 

This remark underscores the scale of the disruption and the potential for outdated methods to replace modern financial technologies temporarily. The cyberattack represents a significant escalation in the ongoing cyber conflict between Ukraine and Russia. While cyberattacks have been frequent on both sides, the targeting of ATM services and the subsequent blocking of debit and credit cards mark a notable shift towards directly impacting ordinary citizens’ daily lives. This attack not only disrupts financial transactions but also instills a sense of insecurity and distrust in the reliability of banking systems. 

The list of affected banks reads like a who’s who of Russia’s financial sector, including both state-owned and private institutions. The inability to withdraw cash from ATMs during the attack has put pressure on these banks to quickly resolve the issues and restore normal services to their customers. However, the continued nature of the cyberattack suggests that solutions may not be forthcoming in the immediate future. The Ukrainian hackers’ ability to sustain such a large-scale cyberattack over several days indicates a high level of coordination and technical expertise. It also raises questions about the preparedness and resilience of Russian banks’ cybersecurity measures. 

As the attack progresses, it is likely that both sides will escalate their cyber capabilities, leading to further disruptions and countermeasures. The broader implications of this cyberattack are significant. It highlights the increasingly blurred lines between cyber warfare and traditional warfare, where digital attacks can cause real-world consequences. The disruption of banking services serves as a stark reminder of how dependent modern societies are on digital infrastructure and the potential vulnerabilities that come with it. 

In response to the ongoing cyberattack, Russian banks will need to bolster their cybersecurity defenses and develop contingency plans to mitigate the impact of such attacks in the future. Additionally, international cooperation and dialogue on cybersecurity norms and regulations will be crucial in preventing and responding to similar incidents on a global scale. As the situation develops, the cyber conflict between Ukraine and Russia will likely continue to evolve, with both sides seeking to leverage their technological capabilities to gain an advantage. The ongoing cyberattack on Russian ATMs is a clear demonstration of the disruptive potential of cyber warfare and the need for robust cybersecurity measures to protect critical infrastructure.

RBI Issues Advisory to Support Cybersecurity in Banks


 

Amid escalating cyber threats, the Reserve Bank of India (RBI) has released a comprehensive advisory to all scheduled commercial banks. This advisory, disseminated by the Department of Banking Supervision in Mumbai, stresses the paramount importance of robust cybersecurity measures in the modern digital banking infrastructure.

The advisory highlights the crucial role of Corporate Governance in maintaining accountability within banks, emphasising that IT Governance is a key component of this framework. The RBI stresses that effective IT Governance necessitates strong leadership, a clear organisational structure, and efficient processes. Responsibility for IT Governance, the advisory states, lies with both the Board of Directors and Executive Management.

With technology becoming integral to banking operations, nearly every commercial bank branch has adopted some form of digital solution, such as core banking systems (CBS) and alternate delivery channels like internet banking, mobile banking, phone banking, and ATMs. In light of this, the RBI provides specific guidelines to banks for enhancing their IT Governance.

The RBI recommends that banks clearly define the roles and responsibilities of their Board and Senior Management to ensure effective project control and accountability. Additionally, it advises the establishment of an IT Strategy Committee at the Board level, comprising members with substantial IT expertise. This committee is tasked with advising on strategic IT directions, reviewing IT investments, and ensuring alignment with business goals.

The advisory also suggests structuring IT functions based on the bank’s size and business activities, with dedicated divisions such as technology and development, IT operations, IT assurance, and supplier management. Each division should be headed by experienced senior officials to manage IT systems effectively.

Implementing IT Governance Practices

The RBI stresses the importance of implementing robust IT Governance practices aligned with international standards like COBIT (Control Objectives for Information and Related Technologies). These practices focus on value delivery, IT risk management, strategic alignment, resource management, and performance measurement.

Information Security Governance

Recognizing the critical nature of information security, the RBI advises banks to develop comprehensive security governance frameworks. This includes creating security policies, defining roles and responsibilities, conducting regular risk assessments, and ensuring compliance with regulatory requirements. The advisory also recommends that the information security function be separated from IT operations to enhance oversight and mitigate risks.

Risk Management and Compliance

The RBI underscores the necessity of integrating IT risks into banks’ overall risk management frameworks. This involves identifying threats, assessing vulnerabilities, and implementing appropriate controls to mitigate risks. Regular monitoring and oversight through steering committees are essential to ensure compliance with policies and regulatory standards.

The RBI’s advisory serves as a crucial reminder for banks to strengthen their cybersecurity defences amidst growing digital threats. By adopting robust IT Governance and information security frameworks, banks can enhance operational resilience, protect customer data, and safeguard financial stability. Adhering to these guidelines not only ensures regulatory compliance but also bolsters trust and confidence in the banking sector.

As technology continues to play an increasingly pivotal role in banking, the RBI urges banks to remain vigilant against emerging threats. Proactive measures taken today will help secure the future of banking operations against cybersecurity challenges. For detailed guidelines, banks are encouraged to refer to the official communication from the Reserve Bank of India.


ATM Card Trap Scam: How to Stay Safe

ATMs have become an integral part of our lives. They provide convenient access to cash and banking services. However, criminals are always finding new ways to exploit technology for their gain. One such deceptive scheme is the ATM card trap scam. 

The ATM card trap scam is a sophisticated method used by fraudsters to take your money and personal information. Let’s dive into what it is and how you can protect yourself.

What is the ATM Card Trap Scam?

The ATM card trap scam involves fraudsters using skimming devices to steal your card information while distracting you in order to steal your Personal Identification Number (PIN). Here’s how it works:

Tampered ATMs: Scammers physically alter the ATM’s card reader. They may attach a skimming device or even remove the reader entirely, causing your card to get stuck.

Feigning Helpfulness: When your card gets stuck, a seemingly helpful stranger might appear. They offer assistance, but their real goal is to distract you.

PIN Stealing: The scammer may convince you to re-enter your PIN to “unstick” the card. While you do so, they observe your keystrokes or offer to call the bank for you.

Emptying Your Account: Once you leave, the scammer retrieves your card and withdraws money using your stolen PIN.

Tips to Stay Safe:

Inspect the ATM: Before using an ATM, examine it for anything unusual around the card slot. Look for suspicious attachments or loose components.

Check for Tampering: Be cautious if the card reader looks different or if there are hidden cameras. Cover your hand while entering your PIN.

Avoid Relying on Strangers: If your card gets stuck, don’t seek help from strangers. Instead, contact your bank directly using the customer service number on the back of your card or through the official app.

Never Share Your PIN: Bank officials will never ask for your PIN over the phone or in person. Keep it confidential.

Choose Secure ATMs: Opt for ATMs in well-lit areas with security cameras. Prefer those located inside bank branches during operating hours.

Report Tampered ATMs: If you notice a tampered ATM, report it to the bank and authorities immediately.

Taking Measures to Prevent Card Skimming and Shimming

Protecting your financial information is crucial in the digital era we live in today. Credit card skimming and shimming have grown to be serious risks to customers all around the world with the emergence of sophisticated cybercrime techniques. Maintaining your financial stability depends on your ability to recognize and resist these approaches.

Credit card skimmers, according to PCMag, are deceptive gadgets installed on legitimate card readers, such as ATMs or petrol pumps, with the purpose of capturing and storing your card information. According to KrebsOnSecurity, cybercriminals have adapted to the switch to chip-based cards by utilizing shimmers, extremely thin devices inserted into the card reader slot. These shimmers allow them to intercept the data from the chip.

The Royal Canadian Mounted Police (RCMP) provides valuable insights into how criminals install skimmers. They often work quickly and discreetly, making it hard for victims to notice. They may place a fake card reader on top of the legitimate one or install a small camera nearby to capture PIN numbers.

To protect yourself, it's important to be vigilant. MakeUseOf suggests a few key steps:

  • Inspect the Card Reader: Before using an ATM or a card reader at a gas pump, take a moment to examine the card slot. Look for any unusual devices or loose parts.
  • Cover Your PIN: Use your hand or body to shield the keypad as you enter your PIN. This simple step can prevent criminals from capturing this crucial piece of information.
  • Monitor Your Accounts: Regularly review your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your bank immediately.
  • Choose ATMs Wisely: Whenever possible, use ATMs located in well-lit, high-traffic areas. Avoid standalone ATMs in secluded or poorly monitored locations.
  • Stay Informed: Keep up-to-date with the latest scams and techniques used by cybercriminals. Knowledge is your best defense.
Remaining vigilant and well-informed is your primary defense against credit card skimmers and shimmers. By adopting these practices and staying aware of your surroundings, you can significantly reduce the risk of falling victim to these insidious forms of cybercrime. Remember, your financial security is well worth the extra effort.


MGM Resorts Hit by Cyber Siege: Hackers Brag About Four-Day Outage

 


In the wake of a cyberattack that forced MGM Resorts to shut down systems across all of its properties, the company continues to suffer from widespread outages. The majority of MGM's internal networks were shut down for most of Sunday, the evening before the Grand Opening of its Las Vegas Strip hotels and casinos such as the Bellagio, Aria and Cosmopolitan. 

Due to this technical failure, ATMs and slot machines throughout the company's hotels and casinos experienced widespread disruptions, and guests have reported issues with their room digital key cards and with electronic payment systems, including those in the casinos. 

“MGM is an enormous company, but there are countless cases where small and medium-sized businesses are victimized by ransomware every week and it does not usually make the headlines,” says Alex Hammerstone, who is an advisory solutions director at TrustedSec, a cybersecurity firm based in Ohio. 

According to the company on Monday, a "cybersecurity issue" had affected some of its systems and was forcing it to shut them down. MGM owns over two dozen hotels and casinos around the world as well as an online sports betting arm. Several reports indicated that everything from hotel room keys to slot machines did not work for the next several days. 

A number of the company's properties were also taken offline for a while, including their websites. There was a lot of confusion among guests as the company switched from its electronic systems to manual processes to remain as functional as possible while it struggled to keep up with demand. MGM Resorts did not respond to a request for comment beyond vague references to a "cybersecurity issue" on Twitter/X, made to reassure guests that the company was working to resolve it and that there would be no interruption to the resorts. 

MGM Breach Claimed by Scattered Spider 

A group called Scattered Spider is thought to have been involved in the MGM breach, and they reportedly used ransomware developed by ALPHV, or BlackCat, a ransomware-as-a-service operation. 

The Scattered Spider attack is the result of social engineering, where attackers impersonate people and organizations that have a relationship with the victim and attempt to manipulate them into performing certain actions. 

The hackers are particularly adept at "vishing," which is convincingly gaining access to systems through phone calls instead of the more traditional phishing, which is conducted through emails. Black-hat actors such as ALPHV have become extremely well-known in the cybersecurity industry as they have been credited with damaging attacks on companies such as Reddit and Western Digital, among others, in recent times. 

CISA, an American cyber security agency, issued an alert on ALPHV in April 2022 based on information found in a Flash report released by the FBI, noting that the criminal group had "compromised at least 60 entities across the globe." There has been no public description of the nature of the security breach by either MGM or the FBI, and MGM has not responded to Forbes' multiple requests for comments about the breach. 

During the investigation, the FBI confirmed that they were involved. It is believed that the members of Scattered Spider are between the ages of 18 and 20, may be based in Europe or possibly in the United States, and are fluent in English, so their vishing attempts are much more convincing than, for example, a phone call from someone with a Russian accent and only a basic understanding of the language. 

The hacker appears to have obtained the personal information of one of the employees on LinkedIn and posed as them in an attempt to impersonate them to obtain credentials from MGM's IT support desk so they could access and infect the systems. 

In a financial newspaper report, someone claiming to be a representative of the group said the group had stolen and encrypted MGM's data along with requesting money in crypto to be released. This was the backup plan; initially, the group planned to hack the company's slots, but they were unable to accomplish this goal, according to the company representative. 

Cybersecurity experts say that VX-Underground may be a trustworthy source on the attack even though ALPHV's responsibility has not been verified. As reported by VX-Underground, Scattered Spider used social engineering as a means of compromising MGM, as the hackers allegedly found an employee on LinkedIn and called the help desk to gain access to the account. 

Through these social engineering tactics, Scattered Spider has tricked employees into granting hackers access to large corporate networks. The transatlantic hacking group reportedly counts young adults and teenagers among its members, as do similar hacking and extortion groups like Lapsus$. 

A spokesperson for the FBI, who declined to be identified, confirmed the investigation into the MGM cyberattack was in progress, but would be unable to provide more information at this time. Cyberattack victims and individuals facing extortion have long been advised by US authorities not to pay ransom in the event of cybercrime.

Indian Banks Failing to Protect Their Cyber Security

 


In Thane, Maharashtra, some unidentified fraudsters hacked the server and tampered with the data of a cooperative bank. According to police, the hackers allegedly siphoned off Rs. 1.51 crore to various accounts from the Dombivli Nagarik Sahkari (DNS) bank on March 12. 
 
Following the attack, a case has been registered against unidentified persons under section 420 (Cheating and dishonestly inducing delivery of property) of the Indian Penal Code (IPC) and section 65 of the Information Technology Act at Manpada police station under the Kalyan division, which has started a probe into the incident in collaboration with Thane cyber police.  
 
The security incident draws light on the issue of bank frauds that have become deep-seated in the Indian Financial System. In just over seven years, Indian banks have witnessed frauds surpassing $5 trillion with total fraud loans amounting to Rs. 1.37 lakh crore in the last year alone.  
 
Shocking scams like Punjab National Bank (PNB) scam (2018), Cosmos Bank cyberattack (2018), Canara Bank ATM Hack (2018), along with many other vishing, phishing, ATM skimming, and spamming attacks have continued to plague Indian banks over the recent years. With an increase in digital-based transactions, money cheating cases have also witnessed a sharp rise. The techniques and resistance measures employed by banks to safeguard their customers’ financial data and money have met with progressive and sophisticated hacking techniques used by fraudsters in India.  
 
John Maynard Keynes, after examining the condition of banking in India said banking in India should be conducted on the safest possible principles while calling India a “dangerous country for banking”. The apprehension has proven to be prophetic in the modern world as financial institutions failing to conduct prudent banking have become the center of monetary scams. Reportedly, the State Bank of India (SBI), HDFC Bank, and ICICI Bank constituted a majority of incidents totaling more than 50,000 fraudulent incidents in the last 11 fiscal years.  
 
Digitalization in India has led to the manifestation of ‘Digital Money’ and cashless transactions have been on a continual rise. Consequently, the protection of data and privacy becomes more important as a fragile cybersecurity system can have serious repercussions for any bank’s customer base.  
 
Data breaches have emerged as a serious threat in the banking sector, which further amplifies the need for an impenetrable banking system, as recovering from data breaches and regaining control of a breached server can be extremely stressful and time-consuming. In order to strengthen the evolution of the banking system, banks need to identify and plug the gaps in security. Part of the problem can be attributed to the accelerated pace of digitization, which increasingly requires the same kind of investment on the cyber hygiene side as well.  
 
Some of the viable measures that banks can undertake include proactive security techniques like ‘Whitelisting’ (blocks unapproved programs while only allowing a limited set of programs to run) and BIOS passwords (prevents external access to systems and servers). Awareness of employees, stringent filtering, and communicating regularly with regional offices are some of the other preventive measures as advised by the security experts.

Target Reveals Its Personal Skimming Detection Tool


Web skimming has been a major problem for e-commerce shops and websites over the past few years. The attacks range from simple script injections into payment pages to breaches of genuine third-party services and scripts. Often referred to as Magecart attacks, these have become one of the leading causes of card-not-present (CNP) fraud; they affect small and big brands alike and also impact e-commerce platforms. Target, one of the top e-commerce retailers, invested in solutions a few years back to deal with this problem and keep its customers safe when shopping on the Target website.
 
As there were not many ready-made detection tools for these attacks back then, two computer security experts thought about making one. After going live and being in use for more than three years, Target's client-side scanner has now been released as an open-source project named Merry Maker. Merry Maker constantly simulates online browsing and executes test transactions to scan for any harmful code. 

Merry Maker behaves like a visitor to Target.com, performing common tasks, including making online purchases. During this process the tool captures and analyzes several kinds of information, including network requests, browser activity, and JavaScript files, and checks them for suspicious behavior.

About Card Skimming 

Card skimming is an attack in which a malicious device is placed at the point of a legitimate transaction to steal payment card data. In the physical world, skimmers are attached to the card slots of ATMs or fuel pump payment terminals to copy the data encoded on the card's magnetic stripe. They often come with a fake PIN pad overlay or a small camera intended to capture the PINs users type.

Chip-based (EMV) cards, which use cryptography along with other transaction authentication and verification features, were designed to defeat this kind of physical skimming; web skimming instead targets the card data as it is typed into the browser. "Web skimming groups use sophisticated techniques to make their keylogging code hard to detect. The code can be heavily obfuscated and added to existing JavaScript files or even stored in other types of resources such as CSS or even embedded into images or it can be hosted on third-party domains," writes CSO.
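An added example, not Target's Merry Maker code and not code from the original article: a minimal audit of a recorded synthetic checkout session along the lines the article describes (network requests and JavaScript files captured while a scripted visitor completes a purchase), run against a constructed session. The first-party host allowlist, the heuristics (Luhn-valid digit runs in third-party POST bodies, including base64-wrapped ones, and the obfuscation markers listed in the CSO quote) and the thresholds are assumptions for illustration.

```python
"""Added example, not Target's Merry Maker code: audit one recorded
synthetic checkout session for web-skimming indicators. The session,
the host allowlist and the scoring thresholds are constructed/assumed."""
import base64
import re
from urllib.parse import urlparse

# Assumed allowlist of hosts a checkout page may legitimately talk to.
FIRST_PARTY_HOSTS = {"shop.example", "cdn.shop.example"}

_DIGIT_RUNS = re.compile(r"\d{13,19}")
_BASE64_BODY = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def luhn_valid(digits):
    """Luhn check, so order numbers and timestamps are not mistaken for PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - 48
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_card_number(text):
    """True if text carries a Luhn-valid 13-19 digit run, in the clear or base64-wrapped."""
    if any(luhn_valid(run) for run in _DIGIT_RUNS.findall(text)):
        return True
    if _BASE64_BODY.match(text) and len(text) % 4 == 0:
        try:
            decoded = base64.b64decode(text, validate=True).decode("utf-8", "ignore")
        except (ValueError, UnicodeDecodeError):
            return False
        return any(luhn_valid(run) for run in _DIGIT_RUNS.findall(decoded))
    return False


def obfuscation_score(source):
    """Heuristic score for loader tricks (eval, atob, fromCharCode, many hex
    escapes) combined with access to card input fields."""
    score = 0
    if re.search(r"\beval\s*\(", source):
        score += 2
    if re.search(r"\batob\s*\(", source):
        score += 1
    if "String.fromCharCode" in source:
        score += 1
    if len(re.findall(r"\\x[0-9a-fA-F]{2}", source)) > 10:
        score += 2
    touches_fields = re.search(r"document\.querySelector(All)?\(\s*['\"](input|form)", source)
    if touches_fields and re.search(r"(cc|card|cvv|expir)", source, re.I):
        score += 2
    return score


def audit_session(session, first_party=FIRST_PARTY_HOSTS):
    """Findings for one session: card data leaving to a third party,
    unexpected third-party POSTs on checkout, and obfuscated scripts."""
    findings = []
    for req in session["requests"]:
        host = urlparse(req["url"]).hostname
        body = req.get("post_data", "")
        if host in first_party:
            continue
        if body and contains_card_number(body):
            findings.append(("high", "card-data-to-third-party", req["url"]))
        elif req["method"] == "POST" and session["page_type"] == "checkout":
            findings.append(("medium", "unexpected-third-party-post", req["url"]))
    for script in session["scripts"]:
        if obfuscation_score(script["source"]) >= 3:
            findings.append(("medium", "obfuscated-script", script["url"]))
    return findings


# Constructed session: a legitimate payment, an exfiltration to a third-party
# host with a base64-wrapped body, an ordinary analytics beacon, and one
# obfuscated script that reads card input fields.
SAMPLE_SESSION = {
    "page_type": "checkout",
    "requests": [
        {"method": "POST", "url": "https://shop.example/api/pay",
         "post_data": "pan=4111111111111111&cvv=123"},
        {"method": "GET", "url": "https://cdn.shop.example/js/checkout.js"},
        {"method": "POST", "url": "https://stats-collector.example/c",
         "post_data": base64.b64encode(b"pan=4111111111111111&exp=1227").decode()},
        {"method": "POST", "url": "https://analytics.example/track",
         "post_data": "ev=pageview"},
    ],
    "scripts": [
        {"url": "https://cdn.shop.example/js/checkout.js",
         "source": "document.getElementById('pay').addEventListener('submit', submitOrder);"},
        {"url": "https://cdn.shop.example/js/vendor.js",
         "source": "document.querySelectorAll('input[name*=card]').forEach(function(i){"
                   "eval(String.fromCharCode(115,101,110,100)+'(i.value)')});"},
    ],
}

if __name__ == "__main__":
    for severity, kind, url in audit_session(SAMPLE_SESSION):
        print(f"{severity:6} {kind:28} {url}")
```

The value of running this from a scripted browser rather than from static scanning is the network view: a skimmer hidden in CSS or an image still has to send the card data somewhere, and that request shows up regardless of how the loader is obfuscated.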

Hiding the ATM Keypad Gives Less Protection Against Attackers Than Expected, Research Finds

 

When withdrawing money from an ATM with a credit or debit card, users must enter their PIN. A careful person will cover the keypad with one hand while typing so that nobody else learns the PIN; however, even when the keypad is covered, the PIN can be predicted with good accuracy using a machine-learning technique.

Recent research has shown that a special-purpose deep-learning system can be trained to predict 4-digit card PINs 41% of the time, even when the victim shields the keypad with their other hand. The attack requires building a replica of the target ATM, since training the model on the exact size and key spacing of the specific PIN pad is critical.

Using footage of people entering PINs on the replica pad, the machine-learning model is trained to detect key presses and assign a probability to each candidate key. For the study, the researchers collected 5,800 recordings of 58 people from various demographics entering 4-digit and 5-digit PINs.

The prediction model ran on a Xeon E5-2670 with 128 GB of RAM and three Tesla K20m GPUs with 5 GB of RAM each: not a typical desktop, but within a reasonable cost range.

The researchers reconstructed the correct sequence for 5-digit PINs 30 percent of the time within three tries, which is generally the maximum number of attempts allowed before the card is blocked, and 41 percent of the time for 4-digit PINs.

The model can rule out keys based on the parts of the pad the non-typing hand covers, and infer the pressed digits from the movement of the typing hand by estimating the topological distance between consecutive keys.

The positioning of the camera that records the attempts is critical, particularly when filming left- or right-handed people. The researchers concluded that a pinhole camera hidden at the top of the ATM was the best choice. If the camera also captures audio, the model can use the slightly different sound each key makes when pressed, making the estimates considerably more precise.

This experiment demonstrates that covering the PIN keypad with the other hand is insufficient to guard against deep-learning-based attacks, but there are several alternatives.

For instance, if the bank allows users to choose a 5-digit PIN rather than a 4-digit one, choose the longer one. It is harder to remember, but far more secure against such attacks. Furthermore, the proportion of the pad covered by the hand considerably reduces prediction accuracy: a coverage ratio of 75% results in a per-attempt accuracy of 0.55, whereas complete coverage (100%) brings it down to 0.33.

Another alternative would be to present customers with a virtual keypad with randomized key positions rather than the conventional mechanical one. This has unavoidable usability problems, but it is an effective security precaution.
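An added example, not the researchers' model and not code from the article: how per-keystroke beliefs from a keystroke classifier become the three PIN guesses an attacker gets before the card is blocked, and why a 5-digit PIN and heavier hand coverage lower the success rate. It goes beyond the article's figures by simulating arbitrary per-key accuracies. The keypad layout is the standard ATM layout; the confidence values and the confusion model (a misread key is always a neighbouring key) are assumptions for illustration, not numbers from the paper.

```python
"""Added example, not the researchers' model: turn per-keystroke beliefs
into three PIN guesses and simulate success against PIN length and
per-key accuracy. Layout is the standard ATM pad; confidence values and
the neighbour-confusion model are assumptions."""
import heapq
import random

# (row, column) of each digit on a standard ATM keypad; 0 sits below 8.
KEYPAD = {
    "1": (0, 0), "2": (0, 1), "3": (0, 2),
    "4": (1, 0), "5": (1, 1), "6": (1, 2),
    "7": (2, 0), "8": (2, 1), "9": (2, 2),
    "0": (3, 1),
}
DIGITS = "0123456789"


def key_distance(a, b):
    """Chebyshev distance on the pad: touching keys (including diagonals) are 1 apart."""
    (r1, c1), (r2, c2) = KEYPAD[a], KEYPAD[b]
    return max(abs(r1 - r2), abs(c1 - c2))


def keystroke_belief(perceived, confidence):
    """Attacker's probability for each key given the key the classifier
    perceived and its confidence; the remaining mass decays with distance
    on the pad (the 'topological distance' idea from the article)."""
    weights = {d: 0.0 if d == perceived else 0.5 ** key_distance(perceived, d) for d in DIGITS}
    total = sum(weights.values())
    return {d: confidence if d == perceived else (1 - confidence) * w / total
            for d, w in weights.items()}


def top_k_pins(beliefs, k=3):
    """k most probable PINs under independent per-keystroke beliefs.
    Beam search of width k is exact here: a sequence in the overall top k
    must have every prefix in the top k of that prefix length."""
    beam = [("", 1.0)]
    for belief in beliefs:
        extended = [(pin + d, p * belief[d]) for pin, p in beam for d in DIGITS]
        beam = heapq.nlargest(k, extended, key=lambda item: item[1])
    return [pin for pin, _ in beam]


def pin_recovered(true_pin, beliefs, attempts=3):
    """Would the attacker get in before the card is blocked?"""
    return true_pin in top_k_pins(beliefs, attempts)


def simulate_success_rate(pin_length, per_key_accuracy, trials=2000, seed=7):
    """Monte Carlo over random PINs: the classifier reads each key correctly
    with probability per_key_accuracy and otherwise reports a neighbouring
    key; returns the fraction of PINs recovered within three attempts."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        pin = "".join(rng.choice(DIGITS) for _ in range(pin_length))
        beliefs = []
        for d in pin:
            if rng.random() < per_key_accuracy:
                perceived = d
            else:
                perceived = rng.choice([n for n in DIGITS if key_distance(n, d) == 1])
            beliefs.append(keystroke_belief(perceived, per_key_accuracy))
        hits += pin_recovered(pin, beliefs)
    return hits / trials


if __name__ == "__main__":
    for length in (4, 5):
        for accuracy in (0.9, 0.6):  # 0.6 stands in for heavier hand coverage
            rate = simulate_success_rate(length, accuracy)
            print(f"{length}-digit PIN, per-key accuracy {accuracy}: "
                  f"recovered {rate:.0%} within 3 tries")
```

The three-attempt budget is what makes the per-key accuracy matter so much: with independent keystrokes the success rate falls roughly like accuracy to the power of the PIN length, so one extra digit or a less confident classifier (more of the pad hidden) costs the attacker more than it costs the user.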

Two Belarusians Arrested over Black Box ATM Attacks

 

Polish authorities, with the assistance of Europol, have detained two individuals accused of carrying out so-called "black box" attacks on ATMs, in which criminals attach an electronic device to a cash machine and force it to dispense all of its money.

Following ATM "jackpotting" attacks that fraudulently caused cash machines across Europe to dispense EUR 230,000 ($273,000), two Belarusian nationals have been arrested.

According to a press statement released by Europol on July 29, the criminals gained access to the ATM's cables by drilling holes or removing parts of the machine, and physically connected the equipment to a laptop. The laptop was then used to relay commands that dispensed all of the cash in the ATM.

An ATM black-box attack is a type of ATM cash-out fraud in which the perpetrator drills holes in the top of the cash machine to gain access to its internal infrastructure. The ATM's cash dispenser is then connected to an external electronic device, the black box, which issues native dispenser commands to release the money, bypassing the need for a card or transaction authorization.

Coordinated by Europol and its Joint Cybercrime Action Taskforce (J-CAT), the investigation found that dozens of such black-box attacks have been committed by criminals in at least seven European countries.

Europol stated that the attackers targeted only one specific ATM model, but declined to disclose which cash machine brand was susceptible. Polish police detained both suspects in Warsaw on 17 July. The investigation also involved German, Austrian, Swiss, Slovak, and Czech law enforcement authorities.

While ATMs are a lucrative target, they often have major physical and software weaknesses. ATM vulnerabilities have been a recurring theme since hacker Barnaby Jack made an ATM dump all of its cash on stage at the Black Hat USA security conference in 2010.

Colombian Woman Steals Rs 17.71 Lakh from SBI ATM

 

Bengaluru police have encountered a growing form of crime that goes under the name ATM fraud, in which the perpetrators steal money from an ATM by attaching a device and, according to police, compromising the bank's servers. Recently, a Colombian woman was accused of this fraud: she was arrested for defrauding the State Bank of India (SBI) of Rs 17.71 lakh with her device. The case was registered in Hegdenagar, Northeast Bengaluru, India.

The incident first came to light when an SBI manager, Sushil Kumar Singh, received an unusual call from a man who said that he had received Rs 1 lakh while trying to withdraw Rs 1,500 from the local SBI ATM at Hegdenagar. The incident was reported to Sampigehalli police on 11 January.

On hearing the caller's account, Sushil Singh and his colleagues rushed to the ATM and began their investigation. The first thing he did was switch off all the ATMs at the kiosk as a precautionary measure, so that the other machines could not be targeted. The next morning he found that a device had been attached to the cash deposit machine (CDM) at the kiosk. A check of the cash balance receipt then revealed that Rs 17,71,500 was missing from the machine.

Bank staff later checked the CCTV footage from the ATM and the surrounding area. From the footage they concluded that a woman had walked into the ATM at around 2.25 pm on 11 January and attached the device to the CDM. Sampigehalli police followed up on these clues, which helped them track down and arrest a 23-year-old woman, Leidy Stefania Munoz Monsalve, on Friday as the culprit behind the fraud.

According to police, the device attached to the CDM works by compromising the bank's servers connected to the ATM, enabling the perpetrators to withdraw the cash stored in the kiosk. Police have recovered the stolen money. They said: “The Hegdenagar case, along with three others from Banaswadi, Halasuru, and Nelamangala, appears to be her first foray in cybercrime”.

Monsalve is currently in custody for further investigation. This is not the first time she has been arrested: she was involved in earlier thefts but was released on bail.

Black Box: A New ATM Attack Diebold Nixdorf Warns Of


A new kind of ATM attack has surfaced, called a "black box" attack, and ATM manufacturer Diebold Nixdorf is warning the financial sector to stay alert. The attacks have recently been widespread across Europe. Black box attacks are a form of jackpotting, in which attackers make an ATM dispense piles of cash; to do so they either install malware on the ATM or connect a black box instead. "Some of the successful attacks show a new adapted Modus Operandi on how the attack is performed. Although the fraudster is still connecting an external device, at this stage of our investigations, it appears that this device also contains parts of the software stack of the attacked ATM," says Diebold Nixdorf.


In a black-box attack, the attacker tampers with the ATM's external casing to reach a port, or drills a hole in the machine to find internal cables and connectors. Once the attacker has access, the black box is connected to the ATM, often through a laptop, establishing a link to the internal systems. The attacker then has control of the dispenser commands and uses them to dispense cash from the ATM.

Jackpotting attacks on ATMs have been going on for a decade. They have been popular with criminal gangs because the method is cheap and profitable, and more straightforward than card cloning, ATM skimming, or laundering money, which take considerable time. Another reason for the popularity of black-box attacks is that amateur attackers do not need to spend much money to obtain a black box: one can buy a device and launch an ATM attack without investing much time.

"In recent incidents, attackers focus on outdoor systems and are destroying parts of the fascia to gain physical access to the head compartment. Next, the USB cable between the CMD-V4 dispenser and the special electronics, or the cable between special electronics and the ATM PC, was unplugged. This cable is connected to the black box of the attacker to send illegitimate dispense commands," says Diebold Nixdorf on its website.

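An added example serving both this article and the Europol report above, not vendor code: a toy model of the dispenser link that black-box attacks exploit, with the legacy behaviour (the dispenser executes any command that arrives on the cable) beside a hardened variant that accepts only counter-stamped, HMAC-authenticated frames from the ATM PC core. The frame format, the key, the counter scheme and the class and function names are assumptions for illustration; real dispensers speak vendor protocols (the CMD-V4 cable in the Diebold quote) that are not modelled here.

```python
"""Added example, not vendor code: legacy dispenser that trusts the cable
versus a dispenser that authenticates each command. Frame format, key
and counter scheme are assumptions for illustration."""
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag length


def build_dispense(notes):
    """Plain dispense command as a black box would put it on the cable."""
    return b"DISPENSE" + struct.pack(">H", notes)


def parse_command(payload):
    if len(payload) != 10 or payload[:8] != b"DISPENSE":
        return None
    return struct.unpack(">H", payload[8:])[0]


class LegacyDispenser:
    """Executes anything that arrives on the cable: the property black-box attacks abuse."""

    def __init__(self, notes_in_cassette):
        self.notes = notes_in_cassette

    def handle(self, frame):
        notes = parse_command(frame)
        if notes is None:
            return "error: malformed"
        notes = min(notes, self.notes)
        self.notes -= notes
        return f"dispensed {notes}"


class AuthenticatedDispenser(LegacyDispenser):
    """Hardened variant: each frame is counter(8) || payload || HMAC over
    counter||payload under a key shared only with the ATM PC core.
    Unsigned, tampered or re-sent frames are dropped."""

    def __init__(self, notes_in_cassette, key):
        super().__init__(notes_in_cassette)
        self._key = key
        self._last_counter = 0

    def handle(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return "rejected: malformed"
        signed, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        counter = struct.unpack(">Q", signed[:8])[0]
        if counter <= self._last_counter:
            return "rejected: replay"
        self._last_counter = counter
        return super().handle(signed[8:])


class HostPc:
    """The ATM PC core, the only party besides the dispenser holding the key."""

    def __init__(self, key):
        self._key = key
        self._counter = 0

    def sign(self, payload):
        self._counter += 1
        signed = struct.pack(">Q", self._counter) + payload
        return signed + hmac.new(self._key, signed, hashlib.sha256).digest()


def black_box_vs_legacy():
    """Black box on the cable of a legacy dispenser: cash comes out."""
    dispenser = LegacyDispenser(notes_in_cassette=500)
    return dispenser.handle(build_dispense(40)), dispenser.notes


def black_box_vs_authenticated():
    """Same black box against the hardened link: raw and forged frames fail,
    a captured legitimate frame fails the counter, a tampered copy fails the
    tag; only frames signed by the host are executed."""
    key = b"per-dispenser-key-provisioned-at-install"  # assumption: held in dispenser hardware
    host = HostPc(key)
    dispenser = AuthenticatedDispenser(notes_in_cassette=500, key=key)
    results = {}
    results["raw"] = dispenser.handle(build_dispense(40))
    results["forged"] = dispenser.handle(struct.pack(">Q", 99) + build_dispense(40) + bytes(TAG_LEN))
    legit = host.sign(build_dispense(2))
    results["legitimate"] = dispenser.handle(legit)
    results["replayed"] = dispenser.handle(legit)
    results["tampered"] = dispenser.handle(legit[:16] + struct.pack(">H", 400) + legit[-TAG_LEN:])
    results["remaining"] = dispenser.notes
    return results


if __name__ == "__main__":
    print(black_box_vs_legacy())
    for name, outcome in black_box_vs_authenticated().items():
        print(f"{name:10} -> {outcome}")
```

The caveat is in the Diebold quote itself: a black box that carries part of the ATM's own software stack may also carry the key if that key lives in ordinary PC software, in which case authentication on the cable buys nothing. The key has to be held in dispenser hardware and, on the PC side, in storage an attacker with physical access cannot read, and the counter must survive a power cycle so that a captured frame cannot be replayed after a reset.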
State Bank of India Issues Warning of Juice Jacking


In recent months there has been a rise in cyber fraud, with people losing money in online payments and digital transactions. As digital transactions increase, attackers become more creative in their ways of siphoning money. Scams in which people accidentally reveal an OTP or PIN have become quite common, but now a new malware-based technique has shown up. The country's largest bank, the State Bank of India, has issued a warning against juice jacking, also known as the USB charging scam.


The technique infects mobile phones with malware when they are connected to public charging ports and steals personal information. What is juice jacking? Juice jacking is the theft of personal information via a USB port. Attackers build a benign-looking gadget resembling a USB port and attach it to charging sockets in public places. Once a user connects a phone to this charging device, the port infects the phone with malware. The malware then becomes active and sends personal information such as contacts, emails, messages, photos, private videos, and sensitive financial credentials to the attacker, who uses it to siphon the user's money.

The media reports, "Hackers adjust ports on these charging stations with sophisticated USB-like widgets that don’t look unusual for most. Once a user connects to one of these malicious ports, the device bypasses the phone’s security to steal the contents of the phone, including bank details, emails, messages, photos, and private videos, by injecting malicious software." Weeks earlier, the Los Angeles County District Attorney's office in California had issued a similar warning about juice jacking to locals and travelers.

SBI now warns people not to charge their phones and other devices from public charging points at stations and airports.

How to protect your phone? 
Never plug your phone into a public USB charging port.
Use an AC wall outlet with your own charger instead.
Bring your own charger or power bank; prevention is better than cure.
Avoid charging your phone in public places such as metro stations.