"No more ATMs running Windows XP," shouts Reserve Bank of India

Filip TRUȚĂ

June 25, 2018

Vulnerable Windows XP machines have been a major attack vector for bad actors over the past decade, yet some organizations still rely on the age-old OS that Microsoft no longer supports with security updates.

Banks in India are just some of the organizations making up that list, and while everyone will eventually have to ditch XP in favor of a more up-to-date OS, India wants it out of its ATMs by the end of next year.

A notice signed “the Reserve Bank of India” was sent to various banks across the country last week, informing everyone on the receiving end that new security measures must be implemented. If found noncompliant, banks are told they will feel the long arm of the law on their shoulder.

“The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI,” reads the notice. “As you may appreciate, the vulnerability arising from the banks’ ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks’ customers adversely, apart from such occurrences, if any, impinging on the image of the bank.”

As such, the RBI finds it necessary that banks and White-Label ATM Operators “initiate immediate action in this regard.” Recipients are told to implement the following control measures (emphasis ours):

  • By August 2018, the targeted banks must implement security measures such as: set a BIOS password; disable USB ports and the auto-run feature; and apply the latest patches
  • By March 2019, implement anti-skimming and whitelisting solutions and upgrade all ATMs to supported versions of the operating system

By September 2018, targeted entities must show proof of 25% progress on the road to compliance, then 50% by December 2018, then 75% by March 2019. By June next year, no excuses for not having these security measures in place will be tolerated, according to the document.

“Any deficiency in timely and effective compliance with the instructions contained in this Circular may invite appropriate supervisory enforcement action under applicable provisions of the Banking Regulation Act, 1949 and/or Payment and Settlement Systems Act, 2007,” the RBI warns.
