In Mexico, all ATMs are physically hackable, says Juan Carlos Carrillo ^(*), the partner in IBM Mexico, during the Seminar of Financial Cybersecurity of the NYCE firm.

In the country, there are around 151,000 ATMs, according to data as of December 2018.

(…) the expert indicates that the bank must make tests of its infrastructure, including ATMs, in order to detect if both the hardware and the software are safe.^(*)

The expert has pointed out the big mistakes financial organizations are making, is the assumption everyone within the organization network is trustworthy. Local financial organizations lack sufficient security controls in the internal network, they ignore network encryption, user access controls, passwords; as well as having weak internal audit controls.

Mexico, along with some East Europe countries, in fact, is the country where often new ATM attacks technology is “tested and invented”. Later, technology is migrating to the USA. This happened with “black box attack”. Mexico was one of the first countries where criminals have used endoscopes to perform black box attack. In Mexico criminals have found a way how to circumvent the HDD encryption, replacing the native hard drive on ATM with “own”, infected, etc.
I suppose, pretty soon we will witness more “high-tech” attacks on ATM, including “fake host”, network sniffing and something else.

The last Sunday the Mr.Carrillio’s warning was confirmed by the massive attack to the ATM in 170 branches of BBVA Bankomer bank. As local mass media have informed, ATMs in the Bank branches have started to spill out 500 pesos notes. In average about 1000 notes have been lost. As a result of the attack, the Bank has canceled to serve customers on the ATMs for 4 hours.
We do not know the technic has been used in the attack.

SPL GROUP and SPL MEXICO provide the complete ATM and ATM network security solution to prevent physical and logical attacks. For more information please visit our site www.spl.net.

(*) https://www.forbes.com.mx