India’s cyber security agency warns of hacking attempts on micro ATMs and POS terminals following demonetisation

As India struggles to cope with demonetisation and its effects, the country’s premier cyber security agency CERT-In (computer emergency response team) has warned of potential cyber attacks on micro ATMs and POS (point of sale) terminals by hackers.

India witnessed a surprise currency crackdown last month when Prime Minister Narendra Modi announced that Rs 1000 ($15, £11.5) and 500 notes, which were popular legal currency, would be banned. As a result, people flocked to ATMs in need of liquid currency of other denominations, and POS counters saw a surge in transactions.

Cyber security experts from CERT-In have now cautioned customers as well as bankers and traders about skimming and malware threats on these systems and urged them to adopt high-end encryption to plug possible breaches.

Micro ATMs are at greater risk than normal ATMs: they work with minimal power and connect to central banking servers, so their security wall is fairly thin and easy for hackers to penetrate. CERT-In says these features need to be strong and updated to thwart attempts by hackers. Rural areas and remotely accessible areas in India depend on micro ATMs, which are easier to set up than ATMs.

ATM attacks are not new. The most recent one was in Europe, allegedly carried out by the hacker group Cobalt. ATMs in India are currently being reloaded with the new higher-denomination Rs 2000 note, making them more vulnerable to hackers who may be able to siphon off larger amounts.

As far as POS terminals are concerned, hackers all over the world have made several attempts to access users' credit and debit card details. Because the number of consumers using these terminals in India has increased drastically since last month, it becomes easier for hackers to strike at this point.

“Traditionally, data input into the POS system is in memory in clear text which allows attackers, memory scrapers to be very successful. The only way to minimise this risk is by encrypting the card data as soon as possible and keeping it encrypted to the maximum extent throughout its life within the system. Alternatively, Point to Point Encryption (P2PE) could be used to address the issue of encrypting data in memory,” says the advisory by CERT-In.
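As an added illustration of the advisory's point (not code from CERT-In or from this article), the following audit check scans a buffer the merchant controls, such as an application log or crash dump from their own POS software, for card numbers left in clear text. The function names and both sample buffers are constructed for this example.

```python
import re

# Candidate card number: 13-19 digits, optionally split by single spaces or dashes.
PAN_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order ids, timestamps and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first six and last four digits so the report itself leaks nothing."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_cleartext_pans(buf: bytes):
    """Return (offset, masked number) for every Luhn-valid card number in buf."""
    hits = []
    for m in PAN_RE.finditer(buf):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        # A run of one repeated digit (e.g. all zeros) can pass Luhn; skip it.
        if len(set(digits)) > 1 and luhn_ok(digits):
            hits.append((m.start(), mask(digits)))
    return hits


# Constructed sample: unencrypted track 2 data written to a log
# (4111111111111111 is a well-known test card number, not a real account).
LEAKY = b"2016-12-01 txn=881 track2=;4111111111111111=2512101? amt=500.00\n"

# Constructed sample: card data encrypted at the reader, only a masked number
# logged; the 16-digit order id fails Luhn and is not reported.
PROTECTED = b"2016-12-01 txn=882 pan=411111******1111 enc=9f3ac1d2 order=1234567890123456\n"

if __name__ == "__main__":
    for name, buf in (("leaky", LEAKY), ("protected", PROTECTED)):
        print(name, find_cleartext_pans(buf))
```

A non-empty result means card data is reaching that buffer unencrypted, which is the condition the advisory says to eliminate by encrypting at the earliest point or using P2PE.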

In addition, the agency says all owners of POS devices should change passwords on a regular basis, using unique account names and complex passwords. They should also make sure that their Wi-Fi and internet connections are secured.

The latest warning comes just days after US-based cyber security company FireEye claimed to have discovered malicious phishing websites designed to trick customers of 26 Indian banks into giving their personal information to criminals. The domain (csecurepay[.]com) was registered on 23 October and appears to be an online payment gateway, but in reality it is a phishing website that gives hackers access to customer information.

