Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

9 Pen Testing Essentials for Making ATMs Less Hackable

Criminals fancy ATMs for the same reason cybercriminals do: convenience. There are some four million cash machines neatly scattered throughout the world, and most are brimming with tens of thousands of bucks. Best of all, no interaction is required to make a withdrawal, benign or otherwise. No surprise, then, that thieves have spent years licking their lips over these electronic banks and dreaming up the most efficient and effective ways to  drain them of cash.

What may have started with explosions and outright theft of the machines - methods that remain popular with the smash-and-grab crowd - the more technically inclined lawbreakers have turned their focus to the less dramatic, but potentially more damaging. They are targeting the computing elements of the ATM and bank networks, allowing their crime sprees to grow exponentially more prolific because of the sheer number of machines they can hit before anyone catches on.


Click to get a free guide on security testing in the financial industry

This began with crude skimming devices and master password exploits, and elevated to malware that infiltrates the operating system. And these incursions continue to evolve. From tiny, Bluetooth-enabled skimming devices that are barely detectable because of how deeply they can placed inside the card reader to miscreants who are skipping the physical intrusion tactic altogether and instead penetrating the internal network of a bank with malware to remotely access ATMs, attacks against cash machines are not only accelerating - they're maturing.

And just this week, researchers reported on a unique development: ATM malware is now commercially available on the cheap in the cybercriminal underground.

Trustwave SpiderLabs EMEA Senior Security Consultant Neil Burrows, who advises banks on how to better monitor and lock down their ATMs, believes financial institutions can implement better measures to make these public-facing vaults more resilient to attack. He offered the following recommendations for helping keep the villains at bay.


1) Lock Up

The default locks (to secure the PC internals of) ATMs come supplied with are woefully insufficient. These are usually of the tubular lock variety and are trivial to bypass in a matter of seconds. Upgrading these locks is essential for any ATM in a public space.


2) Defend Against Tampering

Devices that steal credit and debit card information, such as skimmers and card catchers, are becoming more common and sophisticated. Banks should routinely check ATMs for signs of tampering, monitor surveillance cameras closely and activate "chassis" intrusion detection, a feature on some motherboards. Meanwhile, users should also check for signs of tampering by examining the card reader for indications it may be a fake cover the PIN pad when they enter their secret code to avoid a concealed camera possibly installed by the crooks from taking a photo.


3) Set up Alarms and Monitoring

Chassis intrusions, as well as the operating system reboots, can be tell-tale signs that an attack is underway. They must be closely monitored in real time to help prevent malicious activity from going unnoticed.


4) Turn on the Cameras

Both CCTV cameras external to the ATM and pinhole security cameras inside the ATM are valuable in helping identify attackers and/or providing assistance with the timeline during a forensic investigation.


5) Harden the Internals

Encrypted transaction logs are vital. The latest ATMs now offer full-disk encryption, which is recommended if available. Sometimes attacks involve the non-destructive bending of the side panels (using inflatable wedges, more commonly used to open car doors) to access the internals. Therefore, an ATM in a low-traffic or less-secure environment needs to employ more robust casing and internal lock mechanisms that cannot be easily bypassed by such methods. Reinforced paneling should also be considered to protect access to any USB or other interface ports to help prevent "black box" attacks.


6) Encrypt the Network Traffic

Checks must be performed to ensure all transaction traffic is encrypted and to a sufficient key length (e.g no less than 128-bit), and to verify that "replay" and "protocol downgrade" attacks are unsuccessful.


7) Don't Leave Wires Hanging

ATMs in public areas, which are machines that are not through-the-wall models, must not have network cables or routing devices accessible, as these can be easily abused to circumvent security via, for example, man-in-the-middle attacks.


8) Dig deeper into Technology Defenses

BIOS passwords, USB blocking (to prevent unauthorized boot and HID devices), application whitelisting and strict IP filtering (to permit trusted hosts only) are among the best ways to inhibit all but the most determined attacks against the underlying operating system.


9) Patch with Vigilance

Keeping up to date with the latest ATM vendor-supplied hotfixes is essential, but must not be relied in isolation to prevent the worst from happening. Patching should only be considered beneficial as part of a widely layered security process.

If you are interested in learning more about how a broad and flexible managed security services portfolio can give you and your organization a big lift, let us know.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More