PotLuck Forum - CyberSecurity Self Service Devices · 2019. 9. 20. · Presentation Title 9/20/2019 1 CyberSecurity Self Service Devices Humberto Gonzalez Arias Director Seguridad

Presentation Title 9/20/2019

1

CyberSecuritySelf Service Devices

Humberto Gonzalez Arias

Director Seguridad DN Mexico & LAM

[email protected]

September 2019

1 | DIEBOLD NIXDORF | ATMIA MEXICO | CUSTOMER CONFIDENTIAL

Leveraging our Substantial Expertise to Benefit Customers


2


A World Leader in More than 100 Countries


Creating Security Awareness:

Global Security Portal - gsp.dieboldnixdorf.com


3


Creating Security Awareness:

Information sharing & collaboration

Cooperations:

ATM Security Association / ATMIA

Join security activities of ATMIA and ATM Security Association

Active Member of the Security Council

Active Member of the Security Working Groups

European Association for Secure Transactions (EAST)

Working groups EGAP, EGAF & EPTF

MOU with Europol: EC ³

Guideline regarding ATM Malware created in

cooperation with Diebold Nixdorf, NCR, GMV, FTR, ING

and EAST

MOU with FBI:

Collaboration regarding ATM Malware analysis

5 | DIEBOLD NIXDORF |

Content

Background

ATMs Security

A Glance at the future

1

2

3


4


Room For Improvement ? Really !!!


The Very Very basics

ITIL v2 Framework

Planning to implement

Service Management

Service

Support

Service

Delivery Security

Management

Software AssetManagement

Aplication

Management

Business

Perspective

ICTInfrastructure

Management

Th

eB

usin

ess

Th

eTe

ch

no

logy


5


Broader Environment

Control Access

IntruderDetection

IT Security

DatabaseCenter

Visitor Managementand

Identify recognitionAsset

Management

EmergencyComunication

Sensorsand

Alarms

UnifySystems

VideoSurveillance

Physical

Security


The Players


6


The Bad One


The Bad One


7


Fatal Combination

What is Social Engineering?


Content

Background

ATMs Security


1

2

3


8


ATMS Security landscape


Why Security Incident Management with ATMs & POS Systems?

Skimming

ShimmingSW Skimming

EavesdroppingCard Trapping

DATA attacks

All fraud and security incidents,

aimed at gaining physical and/or

digital access to card data

Explosion ATM burglary

Internal misuse

Cash Trapping Preparation

Ram raids

PHYSICAL attacks


aimed at gaining physical access

directly to ATM cash

Jackpotting Host spoofing

Ransomware TRF

DoS Data breach

CYBER attacks


aimed at gaining physical and/or

digital access to system /

communications, data & ATM cash

CPSS Global Wiki: Attack type definitions


9


Source: https://www.fireeye.com/blog/threat-

research/2015/09/suceful_next_genera.html

Source: https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html

Source: http://blog.trendmicro.com/trendlabs-

security-intelligence/alice-lightweight-compact-no-

nonsense-atm-malware/

Source: https://www.fireeye.com/blog/threat-research/2017/01/new_ploutus_variant.html

Understanding ATM malware threatsTaking advantage of the commoditization of the ATM service ecosystem


Understanding ATM malware threatsand as a consequence this attack unfolded

Source : https://www.europol.europa.eu/publications-documents/cashing-in-atm-malware


10


Understanding ATM malware threatsVynamic Security, 3 components catering for specific security requirements

Intrusion Protection

Hard Disk Encryption

Access Protection

PrePrePrePre----FabricatedFabricatedFabricatedFabricated security policy enforcing industry and security best industry and security best industry and security best industry and security best practicepracticepracticepractice, delivering compatibly and compliance e.g. SANS, SANS, SANS, SANS, NIST, PCI NIST, PCI NIST, PCI NIST, PCI etc.

Mitigating potential risk Mitigating potential risk Mitigating potential risk Mitigating potential risk by reducing the inherent Operating System attack surface

Keystroke Keystroke Keystroke Keystroke –––– Mouse Mouse Mouse Mouse management blocking / allowing given combination

Software solution (not paperware) Software solution (not paperware) Software solution (not paperware) Software solution (not paperware) with inherent self protection protecting against

manipulation

Industry compatible User and User Group Industry compatible User and User Group Industry compatible User and User Group Industry compatible User and User Group privilege policy privilege policy privilege policy privilege policy for both AD and non-AD driven environments

Extended event logging Extended event logging Extended event logging Extended event logging enabling the support audit trail creation /

reconstruction



Access Protection



RealRealRealReal----Time Time Time Time protection protection protection protection and alerting againstagainstagainstagainst both known and unknownunknownunknownunknownthreats delivering so-called zerozerozerozero----day day day day protectionprotectionprotectionprotection

Protection based on behavioral Protection based on behavioral Protection based on behavioral Protection based on behavioral and not static rules covering all aspect of the runtime environment

Protection against unauthorized usage of Protection against unauthorized usage of Protection against unauthorized usage of Protection against unauthorized usage of USB USB USB USB peripheral devices (USB devices,

hard/thumb drives etc.)

Upholding the integrity Upholding the integrity Upholding the integrity Upholding the integrity ofofofof the complete runtime runtime runtime runtime environmentenvironmentenvironmentenvironment incl. all file types, registry, binaries etc.

Secure (remote Secure (remote Secure (remote Secure (remote –––– local) software installation local) software installation local) software installation local) software installation process process process process for all Sw. packages independent of Sw.

distribution solution

Protection against Protection against Protection against Protection against memory attacks memory attacks memory attacks memory attacks and unauthorized access / usages

of memory


11



Access Protection



Military grade Military grade Military grade Military grade - National Security Agency (NSA) approved AES-256 bit real-time encryptionencryptionencryptionencryption.

Retro fittable Retro fittable Retro fittable Retro fittable via either remote (via Sw. distribution) or locally (technician)

SecureSecureSecureSecure hardware paired Boot / Boot / Boot / Boot / Authentication Authentication Authentication Authentication processprocessprocessprocess (local – central) incl. integrity validation

Supporting TPM Supporting TPM Supporting TPM Supporting TPM (Trusted Platform Module) for storing the encryption /

decryption keys

Central management Central management Central management Central management of all configuration capabilities incl. incl. incl. incl. RecoveryRecoveryRecoveryRecovery and Forensic Forensic Forensic Forensic toolsettoolsettoolsettoolset

RealRealRealReal----TimeTimeTimeTime on-the-fly data Encryption Encryption Encryption Encryption ----decryptiondecryptiondecryptiondecryption


1: BIOS Management incl. password, boot sequence/parameters, etc.

2: Protection against unauthorized Booting & Access to ATM hard-disk

*C – Assets = Customer – Consumers Assets (card, personal, transactional, Intellectual data)

3: Protection against unauthorized Internal / External Communications

4: Protecting the integrity of all communication - transactions

5: Delivering industry compatibility and hardening of Operating System e.g. industry hardening

7: System Protection against all forms of unauthorized usage

8: Delivering a secure application for the processing / deliverance of financial / business services

*C - Assets*C - Assets

6: Protecting the integrity of the running system, platform and application(s)

approx. 47+ layers of protection

Understanding ATM malware threatsbut delivering a Onion Model to prevention – detection – protection


12


Content

Background

ATMs Security


1

2

3



13


Recap: the DN series – built to connect. built for more.

To People

More Available

More Personalized

Businesses

More Integrated

& Digital Channels

More Efficient

More Future-Ready

More Secure


Data | Cyber | Physical

7

1

2

3

4

5

6

12

13

8

9

14

10

11

Privacy-Driven UI Design

Premium Anti-Skimming with ActivEdgeTM

and Secure Pack 3 (SP3) Card Reader

Vynamic Security Suite

Anomaly Detection Engine (ADE)

Basic Endpoint Security (BES)

Trusted Device Communication (TDC)

1

2

3

4

5

6

Three-Position Surveillance

Separation of Safe and Upper

Cash Module

Position of Note Transport Set Back

in the Middle of the Module

Comprehensive Safe Portfolio

(UL, CEN I-IV, CEN ExGas)

ActivGuardTM

Alarm Board

Anti-Cash Trapping Sensors

Head Module Lock

Lockable and Anti-Tamper Cassettes

7

8

9

10

11

12

13

14

More SecureMore Secure From the Inside Out

More Secure


14

Thanksfor not falling asleep.

Humberto Gonzalez Arias Director Seguridad DN Mexico & LAM

[email protected]

[email protected]

[email protected]

Documents

PotLuck Forum - CyberSecurity Self Service Devices · 2019. 9. 20. · Presentation Title 9/20/2019 1 CyberSecurity Self Service Devices Humberto Gonzalez Arias Director Seguridad