ATM Vulnerabilities Allow Deposit Forgery Attacks

NJCCIC Advisory

Original Release Date: 8/28/2020

Summary

Automated teller machine (ATM) companies Diebold and NCR released updates to fix a number of vulnerabilities discovered last year that may have permitted deposit forgery attacks. Deposit forgery flaws, which are considered rare, may be exploited by an attacker who has physical access to an affected ATM by intercepting and modifying messages while depositing funds, artificially increasing the deposited amount, and then withdrawing the excess funds. CVE-2020-9062 affects Diebold ProCash 2100xe USB ATMs running Wincore Probase software, and CVE-2020-10124 affects NCR SelfServ ATMs running APTRA XFS software. Additional flaws considered less severe were also identified and patched.

This past weekend, the FBI and local police arrested dozens of suspects across NJ for exploiting vulnerabilities within Santander ATMs. The suspects purportedly withdrew funds from preloaded or fake debit cards during the incidents. Though the exploited vulnerabilities have not been correlated to those listed above, these similar incidents highlight the ease with which the ATM flaws may be exploited, as well as the importance of patching these systems.

Additionally, CISA released a joint alert (AA20-239A) identifying malware and indicators of compromise (IOCs) used by the North Korean government in ATM cash-out schemes referred to by the US government as “FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks.” The US does not appear to be targeted in these schemes at the time of this writing; however, organizations are urged to apply recommendations and report any suspicious activity related to the identified IOCs to local law enforcement.

Recommendations

The NJCCIC urges organizations using affected ATMs to apply software updates immediately after appropriate testing and advises all organizations to review any security advisories provided by vendors for additional implementations. Furthermore, we recommend limiting physical access to ATMs, adjusting deposit transaction business logic, and implementing fraud monitoring. Additional information can be found in the HelpNet Security article.
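One way to express the deposit business-logic and fraud-monitoring recommendations, as an added example that is not from the advisory or from either vendor: ATM deposits are held for a verification period, and a withdrawal that only still-held deposit funds could cover is declined and reported. The event format, the 24-hour hold, and all names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data): time, account, kind, amount, ATM id
EVENTS = [
    ("2020-08-22T10:00", "acct-A", "balance", 40, None),
    ("2020-08-22T10:05", "acct-A", "atm_deposit", 2000, "atm-17"),
    ("2020-08-22T10:09", "acct-A", "withdrawal", 1900, "atm-17"),  # cash-out pattern
    ("2020-08-22T11:00", "acct-B", "balance", 500, None),
    ("2020-08-22T11:10", "acct-B", "atm_deposit", 100, "atm-03"),
    ("2020-08-22T11:20", "acct-B", "withdrawal", 300, "atm-03"),   # covered by own funds
    ("2020-08-22T12:00", "acct-C", "balance", 0, None),
    ("2020-08-22T12:05", "acct-C", "atm_deposit", 200, "atm-03"),
    ("2020-08-24T09:00", "acct-C", "withdrawal", 150, "atm-03"),   # hold has expired
]

def review_withdrawals(events, hold=timedelta(hours=24)):
    """Decline and report withdrawals that depend on still-held ATM deposits."""
    verified = {}  # account -> funds that do not depend on a held deposit
    held = {}      # account -> [(release_time, amount)] for unverified deposits
    alerts = []
    for ts, acct, kind, amount, atm in sorted(events, key=lambda e: e[0]):
        now = datetime.fromisoformat(ts)
        # Move deposits whose hold has expired into verified funds.
        pending = []
        for release, amt in held.get(acct, []):
            if release <= now:
                verified[acct] = verified.get(acct, 0) + amt
            else:
                pending.append((release, amt))
        held[acct] = pending
        if kind == "balance":
            verified[acct] = amount
        elif kind == "atm_deposit":
            held[acct].append((now + hold, amount))
        elif kind == "withdrawal":
            funds = verified.get(acct, 0)
            if amount > funds:  # only the unverified deposit could cover this
                alerts.append({"time": ts, "account": acct, "atm": atm,
                               "requested": amount, "verified_funds": funds,
                               "held_deposits": sum(a for _, a in pending)})
            else:
                verified[acct] = funds - amount
    return alerts

if __name__ == "__main__":
    for alert in review_withdrawals(EVENTS):
        print(alert)
```

With the hold in place, the reported deposit amount alone never makes cash available, so an inflated deposit message produces an alert instead of a payout.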

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
