India’s cyber security agency warns of hacking attempts on micro ATMs and POS terminals following demonetization
By Prempal Singh
While India struggles to deal with demonetization and their effects, the country’s leading cyber security agency CERT-In has warned of potential cyber attacks on small ATMS and POS terminals by hackers. India witnessed a surprise currency crackdown a month ago when PM Narendra Modi declared that Rs 1000 and five-hundred note that have been popular legal currency would be banned. As an effect, people flocked to ATMs looking for liquid currency of other denominations counters saw a rise in transactions.
Cyber security experts from CERT-In have now cautioned customers as well as bankers and traders about skimming and malware threats on these systems and urged them to adopt high-end security to plug possible removes. Micro-ATMs are at more risk compared to normal ATMs as they work with minimal power and hook up to central bank servers and therefore their security wall is fairly slender and easy for cyber-terrorist to penetrate. CERT-In says these features need to be strong and up-to-date to thwart attempts by hackers. Rural areas and remotely accessible areas in India are determined by the micro ATMs that are simpler to set up compared to ATMs.
ATM attacks are not new. The most recent one was in Europe, allegedly carried away by hacker group Co (symbol). ATMs in India are currently being reloaded with the new higher denomination (Rs 2000 note) which makes them more vulnerable to cyber-terrorist who may be able to siphon off bigger amounts. As far as POS terminals are worried, there have been several attempts by hackers worldwide in an attempt to acess user credit/debit card details. However, as the amount of consumers making use of these terminals has drastically increased in India since last month, it is easier for hackers to strike at this point.
“Traditionally, data input into the POS system is within memory in clear textual content which allows attackers, memory space scrapers to be very successful. The only way to minimise this risk is by encrypting the data as quickly as possible and keeping it encrypted to the most extent throughout its life within the system. On the other hand, Point to Point Encryption (P2PE) could be used to address the issue of encrypting data in memory space”, says the instructive by CERT-In.
In addition, the agency says all owners of POS devices should change passwords on a regular basis, using unique account names and complex passwords. They should also make sure that their Wi-Fi and internet connections are secured.
The latest warning comes just days after US-based internet security company FireEye stated to have found out harmful phishing websites designed to trick customers of twenty six Indian banks into providing their personal information to criminals. The domain known as csecurepay.com was registered on twenty three October and appears to be an online repayment gateway but in fact is a phishing website that contributes to hackers getting access to customer information.
Source: ibtimes.co.uk