How banks can protect their ATMs from cybercriminals

We recently learned of a new attack aimed towards ATM security and orchestrated by cybercriminals through a malware used to extract money from ATMs. This risk means that banks must implement security systems, such as Remote Key Load, if they want to create secure environments for themselves as well as for their customers regarding the use of payment methods.

How cybercriminals access ATMs

I recently read an article about the investigation, conducted by Interpol and Kaspersky Lab, on the fraudulent activity by cybercriminals on bank ATMs in America, Europe, and Asia.
The research concluded that it was due to a malware that emptied the ATMs of their cash, baptized Backdoor.MSIL.Tyupkin. Its modus operandi is to introduce the malware via CD into the ATM which when rebooted makes it vulnerable to cybercrime. The cybercriminal will later approach the ATM, usually on Sunday and Monday night to maintain an appearance of business as usual. Once in front of the ATM, he awaits a call from an accomplice who gives him a series of specific commands based on a random key generation derived from the algorithms of the malware for each session/ATM.
This allows the cybercriminals to expose the control of all phases of the process and parties involved.
In recent years, attacks directed at Bank Cybersecurity are constant and becoming more sophisticated forcing banks to strengthen their systems with robust solutions that ensure their security and that of their customers.
Specific cases of attacks that target ATMs have increased in recent years, such as the malware mentioned before and other types based on copying data from magnetic stripe credit cards, known as skimming.

How banks can protect their ATMs from cybercriminals

Faced with this situation, banks, in addition to implementing basic security actions such as having a good antivirus system, change the values and passwords set by the ATM manufacturer, …must keep in mind that to protect the structure of their ATMs and their security in general, should not cut corners when investing in solid financial security systems and solutions found on the market. In the case of APT direct attacks to ATMs, a Remote Key Load system is essential for the protection of the ATM cash and to minimize the risk of theft.
An effective security system for ATMs is Cryptosec RKL from REALSEC, whose structure resides in a multivendor system, based on asymmetrical key cryptography, and capable of automated remote master key loading in the ATM network. Changing the master key of the ATMs frequently dramatically reduces fraud risks, but banks need to have a flexible, truly multivendor, unlimited new key load solution, like Cryptosec RKL, to provide a secure environment for their ATMs.
Cryptosec RKL is compatible with all ATM manufacturers on the market, aligns with technological standards of the industry (ANSI and PCI), ensures secure key transport, and other advantages that we invite you to discover by clicking HERE.

No Comments

Post a Comment