Europol signs MoU to prevent cyber-attacks on ATMs & PoS terminals

Europol has signed a Memorandum of Understanding with Diebold Nixdorf, a global provider of ATMs and point-of-sale technology, to ensure the security of ATM-based transactions as well as transactions made via point-of-sale systems in the European Union.

According to Europol, the new agreement will enable the two organisations to fight organised crime activity related to attacks against self-service ecosystems and to exchange relevant technical information and knowledge on major cyber threats.

Hackers compromising ATMs on a large scale

Back in October, US-CERT, the United States Computer Emergency Readiness Team, revealed how a North Korea-based hacker group known as Hidden Cobra (also known as the Lazarus Group) used a unique technique to withdraw cash from ATMs after compromising the associated bank's server.

Using this technique, dubbed FASTCash by the US-CERT team, Hidden Cobra hackers "remotely compromise payment switch application servers within banks to facilitate fraudulent transactions" and have stolen millions of dollars' worth of cash since 2016.

"HIDDEN COBRA actors target the retail payment system infrastructure within banks to enable fraudulent ATM cash withdrawals across national borders. HIDDEN COBRA actors have configured and deployed legitimate scripts on compromised switch application servers in order to intercept and reply to financial request messages with fraudulent but legitimate-looking affirmative response messages.

"Although the infection vector is unknown, all of the compromised switch application servers were running unsupported IBM Advanced Interactive eXecutive (AIX) operating system versions beyond the end of their service pack support dates," US-CERT said.

"HIDDEN COBRA actors exploited the targeted systems by using their knowledge of International Standards Organization (ISO) 8583—the standard for financial transaction messaging—and other tactics. HIDDEN COBRA actors most likely deployed ISO 8583 libraries on the targeted switch application servers. Malicious threat actors use these libraries to help interpret financial request messages and properly construct fraudulent financial response messages," it added.

New front against cash-hungry cyber criminals

While it remains to be seen if the recent Memorandum of Understanding signed between Europol and Diebold Nixdorf will enable the two organisations to prevent future attacks launched by Hidden Cobra or other hacker groups on ATMs, Steven Wilson, Head of the European Cybercrime Centre (EC3), has expressed hope that the MoU will increase Europol's "effectiveness in preventing, prosecuting and disrupting cybercrime related to self-service ecosystems".

"As a company with a strong global presence, a working cooperation of this type between Europol and Diebold Nixdorf is the most effective way in which we can hope to secure cyberspace for European citizens and businesses. I am confident that the high level of expertise our industry partners bring with them is going to result in a significant benefit to our Europe-wide investigations," Wilson said.

"As a global leader in connected commerce, Diebold Nixdorf is committed to ensuring the security of the millions of transactions enabled by our technology each day. The signing of this Memorandum of Understanding with EC3 reinforces our commitment to proactively fight cybercrime, and we look forward to intensive, industry-wide information exchange as well as joint projects that will help protect our customers and prevent incidents related to self-service ecosystems," said Bernd Redecker, Director of Corporate Security and Fraud Management at Diebold Nixdorf.


Copyright Lyonsdown Limited 2020
