"When conducting security analysis, we identify vulnerabilities related to network security, configuration flaws, insufficient protection of peripherals. Together, these flaws allow attackers to steal money from an ATM or to steal bank card data. At the same time, the security mechanisms used are not a serious obstacle to the implementation of attacks: in almost all cases, the possibility of circumventing the installed means of protection was revealed," the study said.
The company chose 26 ATMs manufactured by NCR, Diebold Nixdorf and GRGBanking in its study, with each of the ATMs having a unique configuration.
The study revealed that the types of attacks on the same ATM model differed depending on the type of connection to the processing centre, the installed software, the protection measures used and other specific parameters.
The Positive Technologies' study also revealed that about 92 per cent of ATMs do not have an adequate level of protection against another method of attack — connecting to ATM's hard disk drive. If an attacker manages to connect to an ATM in this way, he will be able to write a malicious program to the hard drive allowing him to bypass or disable the security tools.
In addition, about 85 per cent of ATMs are vulnerable to network attacks, the firm said. Its experts have revealed that hackers could interfere in the conduct of ATM transactions, for example, requesting to issue a large amount of cash. About 69 per cent of ATMs remain vulnerable to black box attacks when attackers connect to an ATM dispenser to send a command to issue cash, the study noted.