BLACK BOX ATTACKS ARE ON THE RISE
We have received reports of a spike in Black Box attacks targeting Through-The-Wall (TTW) NCR SelfServ ATMs in the United Kingdom. A Black Box attack occurs when a criminal disconnects the cash dispenser from the ATM system and reconnects it to a device (the Black Box) that sends a message to dispense cash from the machine.
Previous Black Box attacks involved criminals opening the top box on lobby ATMs. These recent attacks are different because criminals drilled through the fascia to remove the ATM screen so they could access the USB hub. This also resulted in significant damage to the ATM.
Even though these attacks have sprung up in the UK, it’s our experience that once a method proves effective, word travels quickly. Financial Institutions should take note because all Through-The-Wall ATMs are at risk.
In light of this information, FTSI and NCR have the following recommendations which will help financial institutions mitigate the risks posed by these Black Box attacks:
Steps to Take to Combat Black Box Attacks:
- Use the standard protection available in the APTRA XFS platform software and keep it up to date
- Set the dispenser security to PHYSICAL (LEVEL 3) Authentication
- Upgrade the dispenser XFS software component to the version included in APTRA XFS 06.03. (NOTE: This is the MANDATORY minimum version. The recommended version is APTRA XFS 06.04.01.)
FTSI reminds you to always keep an eye out for suspicious persons loitering near your ATMs and if you suspect your ATM has been tampered with or attacked, please call the local authorities first as criminals may still be nearby.