Fraud & Security Alerts Archive

 

2021

 

March

  Transaction Reversal Fraud (TRF)

  New NCR ATM security guidance now published

  Configuration advisory for S1 and S2 Currency Dispenser to prevent “Black Box” and Diagnostic Misuse attacks

 

February

 Ploutus variation found in ATMs in Latin America

 

January

 Man in the Middle Logical Attacks in India - New guidance and recommendations from NCR

 

2020

 

September

 Increase of Physical Attacks in the USA - New guidance and recommendations from NCR

 

July

  Black Box Attacks in Europe

 

January

  Microsoft Security Patch Updates for Windows 10

 Microsoft Security Patch Updates KB4530734 & KB4530692 for Windows 7

 Important Updates and Actions required relating to Microsoft Security Patch Updates

 


2019

 

December

 NCR ATM Security Update - Combination Lock Filming

 New Long Nose Overlay Skimmers

 

November

 Transaction Reversal Fraud in the UK

 An Update on ATM Jackpotting Attacks

 

August

 Intel MDS Vulnerability

 Microsoft Remote Desktop Services Vulnerability (aka Blue Keep)

 

January

 Black Box attacks on 6622 model ATMs in Mexico

 Configuration advisory for S1 and S2

 

2018

 

November

 APTRA XFS Platform Component Security Update

 Currency Theft from 6688 in North America

 

September

 Update for S1 and S2 Currency Dispenser

 Securing from Cash Out Attacks - Best Practices

 

August

 Deep Insert Skimming on Motorized Card Readers

 Cash Out Attacks in the US

 

July

 Transaction Reversal Fraud

 

June

 Continued Expansion of Logical Attacks on ATMs in the US

 

April

 BIOS updates for Spectre and Meltdown Vulnerabilities

 

February  

 Critical Platform Component Update for S1 and S2 Currency Dispenser

 

January 

 Jackpot Attacks in the US

Update on Spectre and Meltdown Vulnerabilities

 New Chip Security Vulnerabilities

 

 

2017


November 

 Intel vulnerabilities in Skylake/Kabylake chip

 

October 

 Black Box variant attack in Mexico

 

June 

 Eavesdropping Skimming Attacks on ATMs in the USA

 Petya Ransomware

 Black Box Attacks on ATMs in the UK

 

May

 Update on Global Ransomware attacks - WannaCry

 Security vulnerabilities on Intel AMT chips on ATM motherboards

 

March 

 Deep Insert Skimmer Attacks

 

February 

 NCR Security Alert - Fileless Malware

 Global Logical ATM Attacks Guidance

 

 

2016

 

December 

 NCR Security Alert - 2016-14 Cash Trapping in Spain
Cash Trapping “Type 1” Attacks in Spain

 

November

 Media coverage of recent Cobalt Logical Attacks on ATMs
Media coverage of recent Cobalt Logical Attacks on ATMs

 

August 

 Malware Attack in Thailand
Network Malware Attack in Thailand - Global Alert

 Personas Black Box attacks continue to grow in Europe, now reported in UK
We are now able to confirm attempts of Black Box attacks on Personas ATMs in the UK. Black box attacks were previously reported in Mexico, Brazil, Germany, Spain, Poland, Russia, Italy and the Czech Republic.

 NCR EMV Position
An NCR presentation highlighted solution recommendations to deal with a potential vulnerability in retail points of interaction (i.e. EMV card readers). The potential vulnerability does not apply to nor affect NCR ATMs or software in any way.

 

May

 Reports on "Skimer" and "ATM infector" malware
This particular malware is reportedly able to capture cardholder data (including PIN) from consumers who use the ATM and perform an unauthorized dispense of cash from the ATM.

 Logical attack advisory for U.S. and Canada
An unspecified number of ATMs in the U.S. and Canada are being targeted for Black Box attacks.

 Expansion of Deep Insert Skimming attacks
‘Deep Insert Skimming’ is becoming more viable for criminals as a tactic to avoid bezel mounted anti-skimming defenses.

 

April 

 Black Box attacks on ATMs in Germany
Black Box attack results in an unauthorized dispense of cash from the ATM.

 Black Box attacks on ATMs in Italy
This attack results in an unauthorized dispense of cash from the ATM.

 

March

 Offline malware attack in Ukraine
This attack is similar to previous malware attacks we have seen used to dispense cash from ATMs.  

 

 

2015

 

February

 "Man-in-the-middle" network attack in Mexico
Occurs when network infrastructure is compromised and malware is placed within a bank's network.

 Network inserted malware attacks on bank computers
NCR is analyzing a report released by Kaspersky in relation to the attacks recently recorded by inserting malware into the network.

 Network inserted malware attacks on bank computers - (Spanish)
NCR is analyzing a report released by Kaspersky in relation to the attacks recently recorded by inserting malware into the network.

 

March

 Update on Carbanak attacks on bank network computers
There have been no reported losses on NCR ATMs using this class of attack to dispense cash or to compromise information.

 New logical attacks being reported in India
NCR is investigating a series of logical attacks on ATMs in India.

 Update on new logical attacks in India
NCR is investigating a series of logical attacks on ATMs in India.

 

June 

 New variation of card reader eavesdropping attacks
NCR has been investigation a new method to capture card data by means of Card Reader Eavesdropping.

 New variation of card reader eavesdropping attacks (Spanish)
NCR has been investigation a new method to capture card data by means of Card Reader Eavesdropping.

 

July 

 Malware attacks on ATMs in Brazil
NCR has confirmed a series of malware attacks on ATMs in Brazil.

 Card skimming attacks in the US and Mexico
NCR is tracking an increasing frequency of card skimming attacks in both the US and in Mexico.

 

August 

 Black Box attacks in Germany
In this series of attacks, freestanding front access Personas ATMs located in lobby environments have been targeted.

 

September 

 Clarification on card skimming
The form of attack known as Card Shimming is not a vulnerability with a chip card, nor with an ATM, and therefore it is not necessary to add protection mechanisms against this form of attack to the ATM.

 Reports of new form of ATM malware
There are claims of a new variant of malware which targets all ATMs from a range of ATM vendors.

 Bluetooth skimming in Mexico
This attack is described as consisting of electronic devices that are installed inside the ATM that are capable of capturing card data and PIN data, and then using Bluetooth technology to transmit the data to the attacker.

 GreenDispenser malware
GreenDispenser interacts with XFS middleware to interface with the pinpad and cash dispenser. It is likely it is using published CEN XFS interfaces.

 Black Box attack in Poland
NCR is issuing this update alert to inform that Personas Black Box attacks have spread to Poland.

 

October 

 Stereo skimming attacks in Ireland
In a stereo skimming attack the criminals use twin skimming readheads for the purpose of filtering out the protection provided by electromagnetic anti-skimming jamming signals

 

November

 Card skimming advisory
Evolution of card skimming attacks on ATMs

 

December

 Host ghosting attacks in Eastern Europe
NCR has received reports that a customer has been attacked via an attack that took advantage of unencrypted communications and no MACing at the ATM allowing an unauthorized dispense of cash.