"No more ATMs running Windows XP," shouts Reserve Bank of India
Vulnerable Windows XP machines have made tremendous attack vectors for bad actors in the past decade, yet some organizations are still relying on the age-old OS that Microsoft no longer supports with security updates.
Banks in India are just some of the organizations making up that list, and while everyone will eventually have to ditch XP in favor of a more up-to-date OS, India wants it out of its ATMs by the end of next year.
A notice signed “the Reserve Bank of India” was sent to various banks across the country last week, informing everyone on the receiving end that new security measures must be implemented. If found noncompliant, banks are told they will feel the long arm of the law on their shoulder.
“The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI,” reads the notice. “As you may appreciate, the vulnerability arising from the banks’ ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks’ customers adversely, apart from such occurrences, if any, impinging on the image of the bank.”
As such, the RBI finds it necessary that banks and White-Label ATM Operators “initiate immediate action in this regard.” Recipients are told to implement the following control measures (emphasis ours):
- By August 2018, the targeted banks must implement security measures such as setting a BIOS password, disabling USB ports and the auto-run feature, and applying the latest patches
- By March 2019, implement anti-skimming and whitelisting solutions and upgrade all ATMs to supported versions of the operating system
By September 2018, targeted entities must show proof of 25% progress on the road to compliance, then 50% by December 2018, then 75% by March 2019. By June next year, no excuses will be tolerated for not having these security measures in place, according to the document.
“Any deficiency in timely and effective compliance with the instructions contained in this Circular may invite appropriate supervisory enforcement action under applicable provisions of the Banking Regulation Act, 1949 and/or Payment and Settlement Systems Act, 2007,” the RBI warns.