Beware: Man in the Middle Attacks
NuSource has recently received reports of ATM attacks targeting multiple financial institutions across the USA. The attackers are opening the top portion of the ATM. They are attaching a handheld device between the terminal and the ATM Network using the ethernet connection to create a “Man in the Middle Attack."
After closing the machine, a second wireless device is placed on top of the terminal. They then perform a transaction with a stolen or cloned card to confirm the network connection before using the equipment to send new transaction requests to dispense cash that is intercepted and altered to send requests for more bills to the terminal. This is repeated until the machine is empty while only showing minimal withdrawal amounts in the ATM network. Man in Middle Attacks have been moving around the US and are impacting all manufactures' terminals regardless of make or model.
NuSource is recommending that the following actions be taken immediately.
Work with your ATM network to get TLS 1.2 enabled and in place on your terminals.
Add an alarm switch (with an audible siren) to the top portion of your terminals. This is likely the fastest option to secure your devices.
Add security gates to your locations to prevent access to the top portion and other malicious attacks on your ATMs.
Ensure your ATMs are protected by malware such as Appguard.
This will not prevent a Man in the Middle Attack but will prevent any additional malware infections on the terminals.
To learn more about how to protect your FI,