For several years, ATMs were jackpotted with malware many times. The malware had various names but the same capability - it was based on the financial applications standard. However, when banks tried to protect their ATMs from malware attacks, fraudsters continued the cat-and-mouse game by ignoring the host and using different attack vectors.
Over the last year, bankers' minds have been occupied by a different pain. Sometimes ATMs become empty, and to the banks it looks like a miracle. Malicious guys use so-called "black boxes" that connect directly to the dispenser to eject money. Such an attack circumvents all software protections on the host machine.
But host-to-dispenser is only one side. On the other side, we have all kinds of connections to the outside world, from X.25 to Ethernet and cellular networks. Thousands of ATMs can be attacked with a MiTM attack called a fake processing center. Or many of them can be identified with Shodan and then attacked due to security misconfiguration, administrators' laziness and lack of communication between different departments in banks.
In the course of our presentation, we won't speak about XFS, various Tyupkins or plain old skimmers. We will concentrate on different aspects of the network and internal security problems of ATMs. We will cover some basic controls that are already in place and why they are important, and we will provide some advice to implement. Remember, trust zone - it's not about ATMs!
We will continue our presentation from the previous year. We will dig into the technical details of attacks on ATMs produced by the more widespread vendors. The presentation will concentrate on two aspects: the network communications of ATMs with processing centers and the communication of the host with its peripherals. We will describe how attackers transform an ATM into a skimming device without any physical access to it, or steal all the money without any forensic evidence in the ATM logs.