Menu

Fraud & Security Alerts Archive

 

Security Alerts

 



2018

 

November

 

 APTRA XFS Platform Component Security Update

 

 Currency Theft from 6688 in North America

 

 

September

 

 Update for S1 and S2 Currency Dispenser

 

 Securing from Cash Out Attacks - Best Practices

 

 

August

 

 Deep Insert Skimming on Motorized Card Readers

 

 Cash Out Attacks in the US

 

July

 

 Transaction Reversal Fraud

 

June

 

 Continued Expansion of Logical Attacks on ATMs in the US

 

April

 

 BIOS updates for Spectre and Meltdown Vulnerabilities

 

February
  

 Critical Platform Component Update for S1 and S2 Currency Dispenser


January
 

 Jackpot Attacks in the US
 

Update on Spectre and Meltdown Vulnerabilities


 New Chip Security Vulnerabilities


2017


November
 

 Intel vulnerabilities in Skylake/Kabylake chip


October
 

 Black Box variant attack in Mexico


June
 

 Eavesdropping Skimming Attacks on ATMs in the USA


 Petya Ransomware


 Black Box Attacks on ATMs in the UK


May
 

 Update on Global Ransomware attacks - WannaCry


 Security vulnerabilities on Intel AMT chips on ATM motherboards


March
 

 Deep Insert Skimmer Attacks


February
 

 NCR Security Alert - Fileless Malware


 Global Logical ATM Attacks Guidance


2016
 

December
 

 NCR Security Alert - 2016-14 Cash Trapping in Spain


Cash Trapping “Type 1” Attacks in Spain


November
 

 Media coverage of recent Cobalt Logical Attacks on ATMs


Media coverage of recent Cobalt Logical Attacks on ATMs


August
 

 Malware Attack in Thailand


Network Malware Attack in Thailand - Global Alert


 Personas Black Box attacks continue to grow in Europe, now reported in UK


We are now able to confirm attempts of Black Box attacks on Personas ATMs in the UK. Black box attacks were previously reported in Mexico, Brazil, Germany, Spain, Poland, Russia, Italy and the Czech Republic.


 NCR EMV Position


An NCR presentation highlighted solution recommendations to deal with a potential vulnerability in retail points of interaction (i.e. EMV card readers). The potential vulnerability does not apply to nor affect NCR ATMs or software in any way.



May

 

 Reports on "Skimer" and "ATM infector" malware


This particular malware is reportedly able to capture cardholder data (including PIN) from consumers who use the ATM and perform an unauthorized dispense of cash from the ATM.


 Logical attack advisory for U.S. and Canada


An unspecified number of ATMs in the U.S. and Canada are being targeted for Black Box attacks.


 Expansion of Deep Insert Skimming attacks


‘Deep Insert Skimming’ is becoming more viable for criminals as a tactic to avoid bezel mounted anti-skimming defenses.


April
 

 Black Box attacks on ATMs in Germany


Black Box attack results in an unauthorized dispense of cash from the ATM.


 Black Box attacks on ATMs in Italy


This attack results in an unauthorized dispense of cash from the ATM.


March
 

 Offline malware attack in Ukraine


This attack is similar to previous malware attacks we have seen used to dispense cash from ATMs.  

 

2015

 

February
 

 "Man-in-the-middle" network attack in Mexico


Occurs when network infrastructure is compromised and malware is placed within a bank's network.


 Network inserted malware attacks on bank computers


NCR is analyzing a report released by Kaspersky in relation to the attacks recently recorded by inserting malware into the network.


 Network inserted malware attacks on bank computers - (Spanish)


NCR is analyzing a report released by Kaspersky in relation to the attacks recently recorded by inserting malware into the network.


March
 

 Update on Carbanak attacks on bank network computers


There have been no reported losses on NCR ATMs using this class of attack to dispense cash or to compromise information.


 New logical attacks being reported in India

NCR is investigating a series of logical attacks on ATMs in India.


 Update on new logical attacks in India


NCR is investigating a series of logical attacks on ATMs in India.


June
 

 New variation of card reader eavesdropping attacks


NCR has been investigation a new method to capture card data by means of Card Reader Eavesdropping.


 New variation of card reader eavesdropping attacks (Spanish)


NCR has been investigation a new method to capture card data by means of Card Reader Eavesdropping.


July
 

 Malware attacks on ATMs in Brazil


NCR has confirmed a series of malware attacks on ATMs in Brazil.


 Card skimming attacks in the US and Mexico


NCR is tracking an increasing frequency of card skimming attacks in both the US and in Mexico.


August
 

 Black Box attacks in Germany


In this series of attacks, freestanding front access Personas ATMs located in lobby environments have been targeted.


September
 

 Clarification on card skimming


The form of attack known as Card Shimming is not a vulnerability with a chip card, nor with an ATM, and therefore it is not necessary to add protection mechanisms against this form of attack to the ATM.


 Reports of new form of ATM malware


There are claims of a new variant of malware which targets all ATMs from a range of ATM vendors.


 Bluetooth skimming in Mexico


This attack is described as consisting of electronic devices that are installed inside the ATM that are capable of capturing card data and PIN data, and then using Bluetooth technology to transmit the data to the attacker.


 GreenDispenser malware


GreenDispenser interacts with XFS middleware to interface with the pinpad and cash dispenser. It is likely it is using published CEN XFS interfaces.


 Black Box attack in Poland


NCR is issuing this update alert to inform that Personas Black Box attacks have spread to Poland.


October
 

 Stereo skimming attacks in Ireland


In a stereo skimming attack the criminals use twin skimming readheads for the purpose of filtering out the protection provided by electromagnetic anti-skimming jamming signals


November

 Card skimming advisory


Evolution of card skimming attacks on ATMs


December


 Host ghosting attacks in Eastern Europe


NCR has received reports that a customer has been attacked via an attack that took advantage of unencrypted communications and no MACing at the ATM allowing an unauthorized dispense of cash.