Presentation Title 9/20/2019
CyberSecurity Self Service Devices
Humberto Gonzalez Arias
Director Seguridad DN Mexico & LAM
September 2019
1 | DIEBOLD NIXDORF | ATMIA MEXICO | CUSTOMER CONFIDENTIAL
Leveraging our Substantial Expertise to Benefit Customers
A World Leader in More than 100 Countries
Creating Security Awareness:
Global Security Portal - gsp.dieboldnixdorf.com
Creating Security Awareness:
Information sharing & collaboration
Cooperations:
ATM Security Association / ATMIA
Join security activities of ATMIA and ATM Security Association
Active Member of the Security Council
Active Member of the Security Working Groups
European Association for Secure Transactions (EAST)
Working groups EGAP, EGAF & EPTF
MOU with Europol: EC³
Guideline regarding ATM Malware created in cooperation with Diebold Nixdorf, NCR, GMV, FTR, ING and EAST
MOU with FBI:
Collaboration regarding ATM Malware analysis
Content
1 Background
2 ATMs Security
3 A Glance at the future
Room For Improvement? Really!!!
The Very Very basics
ITIL v2 Framework (diagram, spanning from The Business to The Technology)
Planning to implement Service Management
Service Support
Service Delivery
Security Management
Software Asset Management
Application Management
Business Perspective
ICT Infrastructure Management
Broader Environment
Control Access
Intruder Detection
IT Security
Database Center
Visitor Management and Identity recognition
Asset Management
Emergency Communication
Sensors and Alarms
Unify Systems
Video Surveillance
Physical Security
The Players
The Bad One
Fatal Combination
What is Social Engineering?
ATMs Security landscape
Why Security Incident Management with ATMs & POS Systems?
DATA attacks
All fraud and security incidents aimed at gaining physical and/or digital access to card data
Skimming
Shimming
SW Skimming
Eavesdropping
Card Trapping
PHYSICAL attacks
All fraud and security incidents aimed at gaining physical access directly to ATM cash
Explosion
ATM burglary
Internal misuse
Cash Trapping
Preparation
Ram raids
CYBER attacks
All fraud and security incidents aimed at gaining physical and/or digital access to system / communications, data & ATM cash
Jackpotting
Host spoofing
Ransomware
TRF
DoS
Data breach
CPSS Global Wiki: Attack type definitions
Understanding ATM malware threats
Taking advantage of the commoditization of the ATM service ecosystem
Source: https://www.fireeye.com/blog/threat-research/2015/09/suceful_next_genera.html
Source: https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
Source: http://blog.trendmicro.com/trendlabs-security-intelligence/alice-lightweight-compact-no-nonsense-atm-malware/
Source: https://www.fireeye.com/blog/threat-research/2017/01/new_ploutus_variant.html
Understanding ATM malware threats
and as a consequence this attack unfolded
Source: https://www.europol.europa.eu/publications-documents/cashing-in-atm-malware
Understanding ATM malware threats
Vynamic Security, 3 components catering for specific security requirements
Intrusion Protection
Hard Disk Encryption
Access Protection
Pre-Fabricated security policy enforcing industry and security best practice, delivering compatibility and compliance e.g. SANS, NIST, PCI etc.
Mitigating potential risk by reducing the inherent Operating System attack surface
Keystroke – Mouse management blocking / allowing given combination
Software solution (not paperware) with inherent self protection protecting against manipulation
Industry compatible User and User Group privilege policy for both AD and non-AD driven environments
Extended event logging enabling the support audit trail creation / reconstruction
Understanding ATM malware threats
Vynamic Security, 3 components catering for specific security requirements
Access Protection
Hard Disk Encryption
Intrusion Protection
Real-Time protection and alerting against both known and unknown threats delivering so-called zero-day protection
Protection based on behavioral and not static rules covering all aspects of the runtime environment
Protection against unauthorized usage of USB peripheral devices (USB devices, hard/thumb drives etc.)
Upholding the integrity of the complete runtime environment incl. all file types, registry, binaries etc.
Secure (remote – local) software installation process for all Sw. packages independent of Sw. distribution solution
Protection against memory attacks and unauthorized access / usages of memory
Understanding ATM malware threats
Vynamic Security, 3 components catering for specific security requirements
Access Protection
Intrusion Protection
Hard Disk Encryption
Military grade - National Security Agency (NSA) approved AES-256 bit real-time encryption.
Retro fittable via either remote (via Sw. distribution) or locally (technician)
Secure hardware paired Boot / Authentication process (local – central) incl. integrity validation
Supporting TPM (Trusted Platform Module) for storing the encryption / decryption keys
Central management of all configuration capabilities incl. Recovery and Forensic toolset
Real-Time on-the-fly data Encryption - decryption
Understanding ATM malware threats
but delivering an Onion Model to prevention – detection – protection
1: BIOS Management incl. password, boot sequence/parameters, etc.
2: Protection against unauthorized Booting & Access to ATM hard-disk
3: Protection against unauthorized Internal / External Communications
4: Protecting the integrity of all communication - transactions
5: Delivering industry compatibility and hardening of Operating System e.g. industry hardening
6: Protecting the integrity of the running system, platform and application(s)
7: System Protection against all forms of unauthorized usage
8: Delivering a secure application for the processing / deliverance of financial / business services
*C – Assets = Customer – Consumers Assets (card, personal, transactional, Intellectual data)
approx. 47+ layers of protection
Recap: the DN series – built to connect. built for more.
Built to connect: To People, Businesses & Digital Channels
Built for more:
More Available
More Personalized
More Integrated
More Efficient
More Future-Ready
More Secure
More Secure From the Inside Out
Data | Cyber | Physical
Privacy-Driven UI Design
Premium Anti-Skimming with ActivEdge™ and Secure Pack 3 (SP3) Card Reader
Vynamic Security Suite
Anomaly Detection Engine (ADE)
Basic Endpoint Security (BES)
Trusted Device Communication (TDC)
Three-Position Surveillance
Separation of Safe and Upper Cash Module
Position of Note Transport Set Back in the Middle of the Module
Comprehensive Safe Portfolio (UL, CEN I-IV, CEN ExGas)
ActivGuard™
Alarm Board
Anti-Cash Trapping Sensors
Head Module Lock
Lockable and Anti-Tamper Cassettes
Thanks for not falling asleep.
Humberto Gonzalez Arias Director Seguridad DN Mexico & LAM