"When conducting security analysis, we identify vulnerabilities related to network security, configuration flaws, insufficient protection of peripherals. Together, these flaws allow attackers to steal money from an ATM or to steal bank card data. At the same time, the security mechanisms used are not a serious obstacle to the implementation of attacks: in almost all cases, the possibility of circumventing the installed means of protection was revealed," the study said.
The company chose 26 ATMs manufactured by NCR, Diebold Nixdorf and GRGBanking in its study, with each of the ATMs having a unique configuration.
READ MORE: North Korea-Linked Hackers Accused of Stealing Millions in ATM Cyber Attacks
The study revealed that the types of attacks on the same ATM model differed depending on the type of connection to the processing centre, the installed software, the protection measures used and other specific parameters.
READ MORE: 'Iris Scans Mean You Don't Need a Card or Pin to Use the ATM' — Scholar
The Positive Technologies' study also revealed that about 92 per cent of ATMs do not have an adequate level of protection against another method of attack — connecting to ATM's hard disk drive. If an attacker manages to connect to an ATM in this way, he will be able to write a malicious program to the hard drive allowing him to bypass or disable the security tools.
In addition, about 85 per cent of ATMs are vulnerable to network attacks, the firm said. Its experts have revealed that hackers could interfere in the conduct of ATM transactions, for example, requesting to issue a large amount of cash. About 69 per cent of ATMs remain vulnerable to black box attacks when attackers connect to an ATM dispenser to send a command to issue cash, the study noted.
READ MORE: World's Oldest ATM Celebrates 50th Birthday as Cash Shows It Is Here to Stay