SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Kaspersky improves security for ATMs and PoS systems
Tue, 28th Apr 2020

Kaspersky has launched a new version of its Embedded Systems Security, which has improved security for ATMs in remote areas with a 2G internet connection.

In fact, its technical requirements for speed start from 56 kbps. The solution provides advanced protection for ATMs, PoS (point of sale) systems and other Windows-based embedded devices.

With the new version, the solution can be remotely managed and updated on devices in remote areas to ensure continual service availability. Notably, the new version can detect and block port scanning, brute-force attacks, denial of service and network exploits.

Port scanning is where cyber criminals search for open ports, the services running on them and the vulnerabilities of those services. The information gained allows attackers to choose an effective attack vector.

Brute force is where cyber attackers target an active Remote Desktop Protocol (RDP) service on an ATM or PoS and try to gain access to the device by guessing the right password, submitting multiple character combinations to the service.

Finally, denial of service and network exploits are attacks in which cyber criminals send a large amount of data, or data in a format that an application cannot handle, in order to stop an embedded device from working or to abuse an unpatched vulnerability to initiate an infection.

The new version also includes a new Network Threat Protection component to prevent attacks at the network layer. Essentially, this feature monitors inbound and outbound traffic to detect suspicious network activity and blocks communication between the device and the source of the malicious network activity.

Statistics from the Kaspersky Security Network in 2019, with data captured from Kaspersky solutions, noted that the amount of malware targeting embedded systems grew by 40% compared to figures from 2018, indicating that ATMs, PoS and other similar systems became a target for cybercriminals.

Kaspersky also noted that protecting these devices is challenging when they reside in remote locations where a wireless modem is used for internet connection and the area has poor cellular coverage or is not covered by modern wireless standards (such as 3G and above).

According to Kaspersky, certain issues regarding traffic overloading or malicious actions could be severely detrimental in such a situation, resulting in the device being unstable or unable to function as needed.

In order to resolve such issues, Kaspersky has optimised the volume of traffic shared by Kaspersky Embedded Systems Security to reduce the payload.

Typically, the server periodically sends security policies to the ATM, which returns the applied settings. This allows monitoring to show that the policies were not changed.

With the updated Kaspersky Embedded Systems Security, the ATM would not send the whole of the active policies back to the server, thus reducing the intensity of the data exchange.

However, this doesn't affect control over the device, as the ability to change these policies on the cash machine is strictly regulated by the security solution.

This solution, and other data exchange optimisations, ensure that functions continue to run even in regions where only a low-speed internet connection, such as that provided by the 2G standard, is available.

Kaspersky senior B2B product marketing manager Oleg Gorobets says, "Some people prefer to pay with cash, and in some places, there is just no other option. This means people's daily lives depend on access to physical currency.

"So, banks need to provide their customers with means for withdrawing money. Our clients from the banking industry, as they take care of this need, find themselves facing the issue of poor internet connectivity in remote areas.

"This can affect the quality of their service, which is supposed to be delivered both conveniently and securely. In order to help them solve this problem, we have included low bandwidth tolerance in the list of optimisations we made in the new version of Kaspersky Embedded Systems Security."