Blackbox ATM attacks and any type of network or software abuse of XFS against the ATMs require to use and extensive interaction whit the cash dispenser communication.
The News version of any cash dispense models of any ATM Hardware provider they use USB communication to interact whit the Core PC whit the Terminal I/O from cash dispense.
At Cyttek we have design a solution to be able to block at any time at any moment the Cash dispenser from the Core PC and detect any BlackBox attacks that use USB MITM or software extensive abuse of XFS calls to api without installing any white-listing or any PC software.
Most of MITM ATM network attacks can be blocked by using Virtual private networks, but when the MITM is inside the ATM abusing USB connections or the malware is coming from the PC core or the Transaction network is using an abuse of XFS authorization packets, all this families of attacks relies in heavy use of the cash dispense to extract money.
By studding in different clients this type of attacks we have found a way to solve this issues by designing a ARM linux version for protection against this type of attacks.
example of ATM Attack using USB
Example of ATM Ethernet Attack
Most of the times the ciber crime gangs use a linux devices or especial an custom hardware to insert in the ATM to make the ATM dispense cash or copy credit card information.
We found that there isn't any solution that protects the cash dispense Terminal it self, of course you can find white listing, Firewalls, VPN, antimalware, anti skimming and other software related.
But whit our approach we can at any time block blackbox attacks, Software and Network Dispense orders and also block the cash dispense to any suspicious cash trapping attack (remotely) that can be detected in our Cyttek XFS analytics software or Virtual Journal monitoring Solution.
also bad guys use just one connection from they Blackbox to the cash dispense without allowing bi-directional (normal) communication from PC core to Terminal I/O, we have make that possible a special communication channel to allow the ATM to communicate back and forth like any other normal configuration but whit the security features that the XFS protocol dont allow like Firewall rules and remote block cash dispense and many other