Fraud & Security Alerts Archive
2023
May
NCR Security Alert - Money Order Fraud
January
Transaction Reversal Fraud (TRF) in Europe and the USA
New “Deep Insert” Card Skimmer M.O. for DIP card readers
2022
October
Recent hook-and-chain attacks mitigated by ink staining technology around Houston, Texas (USA)
September
June
“BootHole” GRUB2 Vulnerability
January
NCR Security Alert - New Card Skimmer
2021
December
NCR Security Alert - NFC Vulnerability
September
July
Print Spooler Vulnerability (AKA PrintNightMare) - Guidance and recommendations from NCR
Press reports of NFC flaws at ATMs - Guidance and recommendations from NCR
March
Transaction Reversal Fraud (TRF)
New NCR ATM security guidance now published
February
Ploutus variation found in ATMs in Latin America
January
Man in the Middle Logical Attacks in India - New guidance and recommendations from NCR
2020
September
Increase of Physical Attacks in the USA - New guidance and recommendations from NCR
July
January
Microsoft Security Patch Updates for Windows 10
Microsoft Security Patch Updates KB4530734 & KB4530692 for Windows 7
Important Updates and Actions required relating to Microsoft Security Patch Updates
2019
December
NCR ATM Security Update - Combination Lock Filming
New Long Nose Overlay Skimmers
November
Transaction Reversal Fraud in the UK
An Update on ATM Jackpotting Attacks
August
Microsoft Remote Desktop Services Vulnerability (aka Blue Keep)
January
Black Box attacks on 6622 model ATMs in Mexico
Configuration advisory for S1 and S2
2018
November
APTRA XFS Platform Component Security Update
Currency Theft from 6688 in North America
September
Update for S1 and S2 Currency Dispenser
Securing from Cash Out Attacks - Best Practices
August
Deep Insert Skimming on Motorized Card Readers
July
June
Continued Expansion of Logical Attacks on ATMs in the US
April
BIOS updates for Spectre and Meltdown Vulnerabilities
February
Critical Platform Component Update for S1 and S2 Currency Dispenser
January
Update on Spectre and Meltdown Vulnerabilities
New Chip Security Vulnerabilities
2017
November
Intel vulnerabilities in Skylake/Kabylake chip
October
Black Box variant attack in Mexico
June
Eavesdropping Skimming Attacks on ATMs in the USA
Black Box Attacks on ATMs in the UK
May
Update on Global Ransomware attacks - WannaCry
Security vulnerabilities on Intel AMT chips on ATM motherboards
March
February
NCR Security Alert - Fileless Malware
Global Logical ATM Attacks Guidance
2016
December
NCR Security Alert - 2016-14 Cash Trapping in Spain
Cash Trapping “Type 1” Attacks in Spain
November
Media coverage of recent Cobalt Logical Attacks on ATMs
Media coverage of recent Cobalt Logical Attacks on ATMs
August
Malware Attack in Thailand
Network Malware Attack in Thailand - Global Alert
Personas Black Box attacks continue to grow in Europe, now reported in UK
We are now able to confirm attempts of Black Box attacks on Personas ATMs in the UK. Black box attacks were previously reported in Mexico, Brazil, Germany, Spain, Poland, Russia, Italy and the Czech Republic.
NCR EMV Position
An NCR presentation highlighted solution recommendations to deal with a potential vulnerability in retail points of interaction (i.e. EMV card readers). The potential vulnerability does not apply to nor affect NCR ATMs or software in any way.
May
Reports on "Skimer" and "ATM infector" malware
This particular malware is reportedly able to capture cardholder data (including PIN) from consumers who use the ATM and perform an unauthorized dispense of cash from the ATM.
Logical attack advisory for U.S. and Canada
An unspecified number of ATMs in the U.S. and Canada are being targeted for Black Box attacks.
Expansion of Deep Insert Skimming attacks
‘Deep Insert Skimming’ is becoming more viable for criminals as a tactic to avoid bezel mounted anti-skimming defenses.
April
Black Box attacks on ATMs in Germany
Black Box attack results in an unauthorized dispense of cash from the ATM.
Black Box attacks on ATMs in Italy
This attack results in an unauthorized dispense of cash from the ATM.
March
Offline malware attack in Ukraine
This attack is similar to previous malware attacks we have seen used to dispense cash from ATMs.
2015
February
"Man-in-the-middle" network attack in Mexico
Occurs when network infrastructure is compromised and malware is placed within a bank's network.
Network inserted malware attacks on bank computers
NCR is analyzing a report released by Kaspersky in relation to the attacks recently recorded by inserting malware into the network.
Network inserted malware attacks on bank computers - (Spanish)
NCR is analyzing a report released by Kaspersky in relation to the attacks recently recorded by inserting malware into the network.
March
Update on Carbanak attacks on bank network computers
There have been no reported losses on NCR ATMs using this class of attack to dispense cash or to compromise information.
New logical attacks being reported in India
NCR is investigating a series of logical attacks on ATMs in India.
Update on new logical attacks in India
NCR is investigating a series of logical attacks on ATMs in India.
June
New variation of card reader eavesdropping attacks
NCR has been investigation a new method to capture card data by means of Card Reader Eavesdropping.
New variation of card reader eavesdropping attacks (Spanish)
NCR has been investigation a new method to capture card data by means of Card Reader Eavesdropping.
July
Malware attacks on ATMs in Brazil
NCR has confirmed a series of malware attacks on ATMs in Brazil.
Card skimming attacks in the US and Mexico
NCR is tracking an increasing frequency of card skimming attacks in both the US and in Mexico.
August
Black Box attacks in Germany
In this series of attacks, freestanding front access Personas ATMs located in lobby environments have been targeted.
September
Clarification on card skimming
The form of attack known as Card Shimming is not a vulnerability with a chip card, nor with an ATM, and therefore it is not necessary to add protection mechanisms against this form of attack to the ATM.
Reports of new form of ATM malware
There are claims of a new variant of malware which targets all ATMs from a range of ATM vendors.
Bluetooth skimming in Mexico
This attack is described as consisting of electronic devices that are installed inside the ATM that are capable of capturing card data and PIN data, and then using Bluetooth technology to transmit the data to the attacker.
GreenDispenser malware
GreenDispenser interacts with XFS middleware to interface with the pinpad and cash dispenser. It is likely it is using published CEN XFS interfaces.
Black Box attack in Poland
NCR is issuing this update alert to inform that Personas Black Box attacks have spread to Poland.
October
Stereo skimming attacks in Ireland
In a stereo skimming attack the criminals use twin skimming readheads for the purpose of filtering out the protection provided by electromagnetic anti-skimming jamming signals
November
Card skimming advisory
Evolution of card skimming attacks on ATMs
December
Host ghosting attacks in Eastern Europe
NCR has received reports that a customer has been attacked via an attack that took advantage of unencrypted communications and no MACing at the ATM allowing an unauthorized dispense of cash.