IBM security expert Serguei Tchesnokov recently wrote about the dangers of ATM network security threats. Threat actors are increasingly moving toward network-based attacks to loot ATMs, because such attacks eliminate the need to physically access the machines.
According to the report, a large number of banks have failed to notice the shift toward network-based attacks.
Recent ATM attacks include the looting of $2.66M from 41 ATMs located at 22 Taiwanese branches in July of 2016.
Later that same year, the Cobalt cybercriminal group launched network-based ATM attacks in several countries, including the U.K., Spain, the Netherlands, Romania, Poland and Russia.
The IBM security team says at least three security gaps need to be addressed to protect against ATM threats:
1) Ignoring Network Segregation (mitigation: separate ATM networks from main corporate network)
2) Lack of Security Between Networks (mitigation: install perimeter firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS) and antivirus software)
3) Outdated Operational Systems (mitigation: eliminate outdated and unpatched OS such as Windows XP systems).
Further guidance includes the need for security information and event management (SIEM) tools that receive security logs from ATMs and other network systems for security monitoring purposes. SIEM tools also run correlation rules that help security analysts monitor activities such as entries into the network, the launching of unsolicited services, software integrity and antivirus feeds, just to name a few.
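A sketch of one such correlation rule, added here as an illustration and not taken from the IBM report: it raises the severity when an entry into the ATM segment from an unapproved source is followed by an unsolicited service start on the same ATM. The address ranges, service names, time window and event schema are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed environment (constructed values, not from the report)
ATM_SEGMENT = ip_network("10.50.0.0/24")          # segregated ATM network
ALLOWED_SOURCES = [ip_network("10.60.0.0/28")]    # hypothetical management hosts
BASELINE_SERVICES = {"atm_app", "av_agent", "log_forwarder"}
WINDOW = timedelta(minutes=30)

# Constructed sample events, already normalised by the log pipeline
SAMPLE_EVENTS = [
    {"ts": "2017-01-10T02:14:05", "type": "net_conn", "src": "10.60.0.5", "dst": "10.50.0.21"},
    {"ts": "2017-01-10T02:20:41", "type": "net_conn", "src": "192.168.7.44", "dst": "10.50.0.17"},
    {"ts": "2017-01-10T02:31:09", "type": "service_start", "host": "10.50.0.17", "service": "remote_cmd"},
    {"ts": "2017-01-10T02:40:00", "type": "service_start", "host": "10.50.0.21", "service": "av_agent"},
    {"ts": "2017-01-10T09:00:00", "type": "service_start", "host": "10.50.0.30", "service": "print_helper"},
]

def correlate(events):
    """Return (severity, atm_ip, reason) alerts for the given events."""
    alerts = []
    last_entry = {}  # ATM address -> (time, source) of last unapproved entry
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "net_conn":
            src, dst = ip_address(ev["src"]), ip_address(ev["dst"])
            approved = src in ATM_SEGMENT or any(src in n for n in ALLOWED_SOURCES)
            if dst in ATM_SEGMENT and not approved:
                last_entry[ev["dst"]] = (ts, ev["src"])
                alerts.append(("medium", ev["dst"], f"unexpected entry from {ev['src']}"))
        elif ev["type"] == "service_start" and ev["service"] not in BASELINE_SERVICES:
            entry = last_entry.get(ev["host"])
            if entry and ts - entry[0] <= WINDOW:
                # Both signals on the same ATM inside the window: escalate
                alerts.append(("high", ev["host"],
                               f"{ev['service']} started after entry from {entry[1]}"))
            else:
                alerts.append(("low", ev["host"], f"unsolicited service {ev['service']}"))
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```
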