Security News
The Texas Bankers Association documented at least 139 chain gang attacks against Texas financial institutions in the year ending November 2020. Santor said the chain gang attacks have spread to other states, and that in the year ending June 2021 Travelers saw a 257 percent increase in the number of insurance claims related to ATM smash-and-grabs.
Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader - rather than swipe or insert it - to make a payment or extract money from a cash machine.
Unlike traditional ATM skimmers that run on hidden cell phone batteries, the ATM shimmers found in Mexico did not require any external power source, and thus could remain in operation collecting card data until the device was removed. Organized crime gangs that specialize in deploying skimmers very often will encrypt stolen card data as a way to remove the possibility that any gang members might try to personally siphon and sell the card data in underground markets.
Florian "The Shark" Tudor, the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court. Tudor, a native of Craiova, Romania, moved to Mexico to set up Top Life Servicios, an ATM servicing company which managed a fleet of relatively new ATMs based in Mexico branded as Intacash.
The leader of Mexico's Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico's top tourist destinations over the past five years. Jose de la Peña Ruiz de Chávez, who leads the Green Ecologist Party of Mexico, was dismissed this month after it was revealed that his were among 79 bank accounts seized as part of an ongoing law enforcement investigation into a Romanian organized crime group that owned and operated an ATM network throughout the country.
The UK Post Office has awarded two contracts worth a total of £30m for a banking network and ATMs system in a procurement expected to be worth £357m once all contracts are awarded. UK government-owned company which runs the familiar local outlets has awarded Cennox a £26m contract for banking automation managed services while Vocalink has won a £4m contract for provision of a highly resilient, compliant and secure platform providing ATMs. The Post Office said last year it planned to close almost a third of its 2,000 cash machines, which are free to use and valuable to the public where alternative facilities are scarce.
The PCI Security Standards Council and the ATM Industry Association issued a joint bulletin to highlight an increasing threat that requires urgent awareness and attention. An ATM cash-out attack is an elaborate and choreographed attack in which criminals breach a bank or payment card processor and manipulate fraud detection controls as well as alter customer accounts so there are no limits to withdraw money from numerous ATMs in a short period of time.
This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury, the Federal Bureau of Investigation and U.S. Cyber Command. Working with U.S. government partners, CISA, Treasury, FBI, and USCYBERCOM identified malware and indicators of compromise used by the North Korean government in an automated teller machine cash-out scheme - referred to by the U.S. Government as "FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks."
The CERT Coordination Center at Carnegie Mellon University has published alerts on several vulnerabilities that impact Diebold Nixdorf ProCash and NCR SelfServ automated teller machines. A vulnerability in the Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30, CERT/CC reveals, could be abused by an attacker with physical access to internal machine components to commit deposit forgery.
ATM manufacturers Diebold Nixdorf and NCR have fixed a number of software vulnerabilities that allowed attackers to execute arbitrary code with or without SYSTEM privileges, and to make illegal cash withdrawals by committing deposit forgery and issueing valid commands to dispense currency. "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the cash and check deposit module and the host computer. An attacker with physical access to internal ATM components can intercept and modify messages, such as the amount and value of currency being deposited, and send modified messages to the host computer," the CERT Coordination Center at Carnegie Mellon University explained the root of CVE-2020-9062.