Thanks to everyone for all the great conversations that are coming out of these blog posts. This next post will focus on the evolving threat emerging from attacks like Jackpotting.
Part 1 explained the concept behind Jackpotting and part 2 helped dissect what’s needed in order to mitigate the attack. Here are some quick bullet points about this type of attack against ATM machines:
- Jackpotting is one of the many types of evolving threats facing your industry
- This type of ATM attack first came onto the scene around 2010, running rampant in Europe, South and Latin America, though not in the US until the 2017/2018 time frame
- The attack, for the most part, requires physical interaction with the ATM
- The ultimate goal of these attacks is the theft of money from the bank/owner of the ATM. Not a retail customer
- These attacks are not a one and done attack, they are ever evolving
- Keeping the ATM software updated, including the move to Windows 10 is an essential barrier.
- As you will read, the move to Windows 10 is not enough to protect you anymore.
Ok, with that recap out of the way, I should ask: are your ATMs on the latest Windows system yet?
I have spoken about the attack vector against Windows XP driven ATM machines and moving to Windows 10 would keep the wolves at bay for a while. I have some bad news for you, the latest version of the Ploutus malware can attack Windows 10 as well. Just getting to Windows 10 is not enough to anymore. You are probably thinking, wait I just invested all of this time, effort and money to get to Windows 10. Am I still not safe? The answer is”no”. You have to remember this is an ever-evolving attack. When one hole is closed, the attacker pivots to find their way around it.
So, you may be asking, “How do I stay current and work toward lowering the threat vector of my ATM’s?”
Taking a holistic view of from physical security and physical placement of the actual ATM itself is the beginning. Making sure the ATM is properly alarmed against opening the top hat if the key to open the ATM is accessible from the public side ensure you have changed the lock from the factory lock and key set. You might be surprised that this is not always the case and the attackers are counting on this. Now think about this, the factory lock has not been changed on your ATM or fleet of ATM’s and then the local bank or credit union in the same region have not changed theirs either. The attacker now has unprecedented access to jackpot those ATM machines.
All makers of ATM machines are susceptible to Jackpotting. So, just because you have one, two, or a fleet or Diebold, NCR, Triton, etc ATMs, none of these are immune from Jackpotting attacks.
So, your next question probably is, “How do I keep up with the pace of change with these styles of malware-driven attacks?”
Real-time Security platforms like 1E’s Tachyon allow you to put in safeguards against the known attack vectors. The baseline is known to good ATM machines which don’t allow any interactive installs without proper authorization. Tachyon has the ability to run in memory of the ATM’s computer allowing control over the ATM even if the hard drive is removed. (This is one of the types of attacks) Tachyon still has control. To keep the pace of these ever-evolving attacks, SCALE, the native language of Tachyon, has a super lightweight instruction set. It allows you to quickly pivot to meet the demands of any updates to this style of attack.
Ultimately, it’s not about the money either spent to protect your ATMs or money lost if you don’t.
It’s about losing or gaining the trust of your customer and community. If you do nothing, you’ll ultimately land on one of the 24/7 news programs as a victim to this attack. Or, on the flipside, you could ask the media in to show them everything that you are doing to mitigate it.
