ATM black box attacks are crimes against the banking system that cyber-criminals carry out on ATMs. The cyber-criminals bore a hole in the top of the ATM to connect an external device, called a black box, to the cash dispenser. Once they find the cash dispenser in the ATM’s internal system, they disconnect it from the ATM’s internal network and connect it to the external device. The black box then works as the middleman between the cyber-criminals and the cash dispenser. The cyber-criminals now have full access to withdraw the money: they use the black box to command the cash dispenser to release the currency.
The black box used by the criminals to attack ATMs is built around a single-board computer; devices like the Raspberry Pi are employed to perform specific tasks. Black box devices are described as a magical gadget that blocks all the security software of the ATM. Software-based security measures found in ATMs include integrity control, full disk encryption, and AV tools.
To avoid the risk of losing the black box, cyber-criminals strip the core functionality out of the black box and then connect it to a smartphone so that commands can be sent to it over the network.
The cyber-criminals can put the cash withdrawal process to work without any testing. They install corrupted utilities on the black box, which is later connected to the cash dispenser to get the cash. In most cases, ATM black box attacks leave no logs or traces. Black box attacks are not reflected in the OS, the application control software, or the processing centers.
Parts such as an LED indicator and toggle switches can be found on the black box. Once the black box is attached to the internal devices, the operator can work with the ATM software, or the black box can completely replace the original ATM software. Some ATM black boxes, by contrast, can seize information such as passwords, cardholder data, administrator codes, and encryption keys.
ATM black box attackers follow a set of steps when attacking ATMs, and they split themselves into distinct groups. In one such procedure, the first step is to establish the connection between the cash dispenser and the black box: the first person who enters the ATM rips open the top customer service area of the ATM and plugs the black box into it. In the second step, several people dressed like regular customers enter the ATM and withdraw a large amount of cash from the bank. Finally, the person who fitted the black box returns to take out the device and walks out of the ATM.
Bank officials will not notice this foul play until they see the discrepancy between the money withdrawal log and the empty vault. So, detecting ATM black box attacks is very important.
Some of the tips to identify the ATM black box attack are as follows:
• An ATM should shut down or reset itself when a cash dispenser disconnects itself from the system.
• Once the cyber-criminals have used the black box, it is either removed or left in place to conduct future attacks. So, the staff should be given the training and knowledge required to inspect the ATM regularly for evidence. Signs shown by an ATM attacked with a black box include loose or unclipped cables, cables with loose or unsecured connections, and rerouted cables.
• It is common to have some errors in the ATM logs when a large amount of money is withdrawn. Inspecting the ATM logs in good time will provide information on black box attacks.
Cyber-criminals generally target weaker links, such as non-banking and off-premises retail ATMs, to execute black box attacks. The hardware and the software of the ATM should be updated to avoid black box attacks. Black box attacks usually require highly skilled technical knowledge and a large amount of resources to execute. Some of the measures that provide security against black box attacks are as follows:
• Physical defense: providing sufficient physical protection to the ATMs that are more vulnerable to the attacks can save significant losses.
• Updated systems: the ATM software must be updated. Regular checking and monitoring will help in tracking the black-box attacks.
• Changing hardware: black box attackers usually bore a hole in the top of the ATM, so the hardware components of the ATM need to be updated regularly.
• Educate bank employees: banks should educate their employees on the consequences of a black box attack and the various methods of preventing one, as this allows the employees to act in time.
• Tracking transactions: the bank officials need to keep track of the amount withdrawn from the ATM.
• Defending against black box attacks: the hardware encryption between the ATM’s system and the dispenser should be protected within the ATM structure.
• Improve data security: introduce a stronger data security system that includes encryption and helps to protect cloud-based sensitive data.
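The log-inspection and transaction-tracking tips above can be combined into one reconciliation check. The following is an added example, not code from the original article: it compares host-authorized withdrawals against cash counts and flags dispenser disconnects that were not followed by a reset. The log format and the event names (`HOST_AUTH`, `CASSETTE_COUNT`, `DISPENSER_DISCONNECT`, `DISPENSER_RECONNECT`, `ATM_RESET`) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical format:
# timestamp, ATM id, event name, value. Events are in time order per ATM.
SAMPLE_LOG = """\
2024-03-02T01:00:00 ATM01 CASSETTE_COUNT 50000
2024-03-02T01:20:00 ATM01 HOST_AUTH 300
2024-03-02T02:14:00 ATM01 DISPENSER_DISCONNECT 0
2024-03-02T02:40:00 ATM01 DISPENSER_RECONNECT 0
2024-03-02T03:05:00 ATM01 HOST_AUTH 200
2024-03-02T06:00:00 ATM01 CASSETTE_COUNT 9500
2024-03-02T01:00:00 ATM02 CASSETTE_COUNT 40000
2024-03-02T01:30:00 ATM02 HOST_AUTH 500
2024-03-02T02:00:00 ATM02 DISPENSER_DISCONNECT 0
2024-03-02T02:00:05 ATM02 ATM_RESET 0
2024-03-02T06:00:00 ATM02 CASSETTE_COUNT 39500
"""

def analyze(log_text):
    """Return a list of (atm_id, finding, detail) tuples."""
    findings = []
    state = defaultdict(lambda: {"cash": None, "authorized": 0,
                                 "disconnects": 0, "pending": False})
    for line in log_text.splitlines():
        ts, atm, event, value = line.split()
        s, value = state[atm], int(value)
        if event == "HOST_AUTH":
            s["authorized"] += value      # withdrawal the processing center saw
        elif event == "DISPENSER_DISCONNECT":
            s["disconnects"] += 1
            s["pending"] = True           # a reset or shutdown should follow
        elif event == "ATM_RESET":
            s["pending"] = False
        elif event == "CASSETTE_COUNT":
            if s["cash"] is not None:
                # Cash that left the vault without a host-authorized withdrawal.
                shortfall = s["cash"] - s["authorized"] - value
                if shortfall > 0:
                    kind = ("SHORTFALL_AFTER_DISCONNECT" if s["disconnects"]
                            else "SHORTFALL")
                    findings.append((atm, kind, shortfall))
            s.update(cash=value, authorized=0, disconnects=0)
        # Any event other than a reset right after a disconnect is suspicious.
        if s["pending"] and event != "DISPENSER_DISCONNECT":
            findings.append((atm, "NO_RESET_AFTER_DISCONNECT", ts))
            s["pending"] = False
    return findings
```

Because black box attacks leave no logs in most cases, the shortfall check relies only on the cash counts and the host's own record, so it still fires when no disconnect event was recorded.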
To protect your ATM network from black box attacks and other fraudulent activities, the banking security experts at Netsentries have developed a series of hands-on vulnerability assessments that look at the entire ATM environment. We can identify software, hardware, and communication protocol vulnerabilities that can be exploited and provide remediation measures to effectively resolve them.
Please visit our website to learn more about our ATM Security Assessment Services.