07/12/2021 - Reading time 2 min
How to Protect ATMs from Blackbox and Malware Attacks?
ATM attacks continually evolve as measures such as higher-grade vaults, anti-explosive vaults and anti-skimming devices are put in place to deter them.
Criminals consistently look for weak points in both ATMs and their security systems, and have now moved from using physical force to gain access to the cash to attacking the electronics and software within the ATM itself.
This does not mean that the number of other attacks such as skimming, hook and chain, explosives or ram raids has diminished; rather, there is now a new addition: the so-called “Blackbox” attack.
ATM Blackbox Attacks
An ATM Blackbox attack is a type of cash-out or jackpot attack in which criminals drill holes in the top or upper cabinet of the cash machine, through the fascia, to gain sufficient access to manipulate the internal infrastructure into dispensing cash.
By knowing where to drill, they can gain access to the ATM’s internal cabling or connection points, which vary depending on the model of ATM, and then connect their own external electronic device that emulates the ATM controller’s commands. They then issue native commands to the dispenser so that it dispenses banknotes until all cassettes are empty, without needing a bank card.
Blackbox attacks are logical attacks, unlike, for example, cash trapping. Rather than exploiting vulnerabilities in the software, as seen with malware attacks, they make use of the ATM’s existing native protocols, middleware and communications to carry out the ATM robbery.
Blackbox Attacks are newer than popular ATM attack methods like card skimming or network-based attacks but are just as effective in getting access to the cash if appropriate cash protection methods are not in place.
Blackbox attacks do not usually focus on the target ATM’s operating system but on the low-level commands that control the dispenser.
It has been seen that certain ATM designs are more susceptible to Blackbox attacks than others. Architectures or designs that fail to encrypt commands from the ATM controller to key modules such as the cash dispenser are far more susceptible.
How to Prevent ATM Blackbox Attacks
Blackbox attacks were once seen as difficult if not impossible to prevent. This is no longer the case: there are a number of simple measures that the ATM owner can take.
The first thing to do is to undertake a survey to establish and ensure that the ATM software and hardware are up to the latest manufacturers’ revisions.
A survey of ATM deployers a few years back established that many vaults could still be opened with the manufacturer’s default setting, or that just a very few different keys opened the upper cabinets.
A key selection criterion should be to install only ATMs that are designed with encryption between the controller and key modules. Features such as armoured cables can also be used to prevent Blackbox attacks.
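The sketch below is an added example, not taken from this article or from any ATM vendor's protocol, showing why a protected controller-to-dispenser link defeats a device that merely emulates controller commands. It uses message authentication (HMAC-SHA256) with a message counter as a stand-in for the encrypted link; the frame layout, command strings and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


class Controller:
    """Legitimate ATM controller side (hypothetical model)."""
    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def build(self, command: bytes) -> bytes:
        # Frame = 8-byte counter || command || tag over both.
        self._counter += 1
        body = struct.pack(">Q", self._counter) + command
        return body + hmac.new(self._key, body, hashlib.sha256).digest()


class Dispenser:
    """Dispenser side: acts only on fresh, authenticated frames."""
    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def handle(self, frame: bytes) -> str:
        if len(frame) < 8 + TAG_LEN:
            return "REJECT: malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "REJECT: bad tag"
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self._last_counter:           # recorded frame sent again
            return "REJECT: replay"
        self._last_counter = counter
        return "ACCEPT: " + body[8:].decode("ascii", "replace")


def demo() -> list:
    key = os.urandom(32)  # constructed key; assumed provisioned when modules are paired
    controller, dispenser = Controller(key), Dispenser(key)
    genuine = controller.build(b"DISPENSE cassette=1 notes=2")  # constructed command
    # Frame from a device that does not hold the key (constructed).
    unkeyed = struct.pack(">Q", 9) + b"DISPENSE cassette=1 notes=2" + b"\x00" * TAG_LEN
    return [dispenser.handle(genuine), dispenser.handle(genuine),
            dispenser.handle(unkeyed), dispenser.handle(controller.build(b"STATUS"))]


if __name__ == "__main__":
    print("\n".join(demo()))
```

The rejected frames are also useful as alarm signals: a dispenser that logs authentication failures gives the ATM owner a detection point alongside physical tamper sensors.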
One development that will prevent Blackbox attacks by detecting when the ATM fascia is attacked is Oberthur Cash Protection’s ATM Fascia Protection, which incorporates a Tamper Proof Fascia. This ATM security system detects when attempts are made to drill the fascia in order to undertake a Blackbox attack.
The future of ATM cash protection against attacks
Criminals will continue to devise new ways to target and attack ATMs, using the latest technology available to overcome existing security measures.
This does not mean that traditional ATM cash protection methods, such as OCP’s Intelligent Banknote Neutralization Systems, should not be deployed against physical attacks such as explosives or ram raids.
Blackbox attacks are one of the latest types, and follow the pattern that success in one region or country is exported to others. The first attacks were seen in western Europe in 2015 and have since been exported around the globe.
Experience shows that no one solution will deter all types of ATM attack; the ideal solution is a layered approach. ATM owners need to be proactive in selecting the right security measures to meet the threats, as what is certain is that criminals will continue to change their attack philosophies. Oberthur Cash Protection are the ideal partner as they offer solutions to meet both logical and physical attacks both now and in the future.
Paul Nicholls, Head of Sales, Oberthur Cash Protection