By : Owen Wild
January 23, 2018 01:00 PM
One of the fastest-growing threats facing banking technology at the moment is the growing risk posed by malware, and in particular those that are implemented via remote logical attacks. Whereas in the past, criminals would have to gain physical access to an ATM to infect it, this is no longer the case, and remote hacking of ATMs is a growing issue.
Indeed, one recent study by Europol and Trend Micro noted that the size and scope of such attacks has been increasing in recent years, with more sophisticated criminals looking to take advantage or poorly-protected networks and hidden vulnerabilities.
Intel warns on new vulnerabilities
This risk was highlighted recently with a warning from Intel that revealed newly-discovered security vulnerabilities in its Management Engine that could affect ATMs using certain chipsets, as well as bugs in the remote server management tool Server Platform Services, and Intel's hardware authentication tool Trusted Execution Engine.
As NCR's November 2017 Security Update notes, these issues are limited to the Skylake/Kabylake chip, which, while not currently in use with most NCR ATMs, may be deployed by some customers who have a custom configuration.
While all potential customers have been notified by NCR and have taken preventive measures to protect from the vulnerability, it does highlight the ever-present threat posed by unpatched firmware.
Defending against logical attacks
Fortunately, there are steps that ATM operators can take to ensure their networks are as well-defended as possible against this type of attack. However, it can be a complex process to achieve this.
Therefore, a holistic approach that covers all layers of a network is essential. If this is implemented successfully, then even if one layer has a previously unknown weakness, the other layers will mitigate the risk of that weakness being exploited. However, if all the layers of protection are not applied, then it may allow compromise of another layer.
Such a layered approach to security is critical to preventing attacks on the ATM environment, and there are several steps involved in this that must be followed in order to ensure complete protection.
These are spelled out in NCR's Logical Attack Protection White Paper, which details 15 essential rules that operators must follow if their ATM networks are to be well-defended. Some of these are straightforward, such as establishing a clear, effective policy for the use of passwords, installing and maintaining a firewall, and having a regular process for patching software. However, if they are not done, a business will only have itself to blame if it falls victim to a hacker.
The 15 steps laid out in NCR's white paper are not optional. They should be viewed as mandatory to protect the ATM in today’s environment, so every operator must ensure they are familiar with them in order to guard against increasingly sophisticated logical attacks.