Part 1 explained the concept behind Jackpotting and part 2 helped dissect what's needed in order to mitigate the attack. Here are some quick bullet points about this type of attack against ATM machines:
I have spoken about the attack vector against Windows XP driven ATM machines and moving to Windows 10 would keep the wolves at bay for a while. I have some bad news for you, the latest version of the Ploutus malware can attack Windows 10 as well. Just getting to Windows 10 is not enough to anymore. You are probably thinking, wait I just invested all of this time, effort and money to get to Windows 10. Am I still not safe? The answer is"no". You have to remember this is an ever-evolving attack. When one hole is closed, the attacker pivots to find their way around it.
Taking a holistic view of from physical security and physical placement of the actual ATM itself is the beginning. Making sure the ATM is properly alarmed against opening the top hat if the key to open the ATM is accessible from the public side ensure you have changed the lock from the factory lock and key set. You might be surprised that this is not always the case and the attackers are counting on this. Now think about this, the factory lock has not been changed on your ATM or fleet of ATM’s and then the local bank or credit union in the same region have not changed theirs either. The attacker now has unprecedented access to jackpot those ATM machines.
All makers of ATM machines are susceptible to Jackpotting. So, just because you have one, two, or a fleet or Diebold, NCR, Triton, etc ATMs, none of these are immune from Jackpotting attacks.
Real-time Security platforms like 1E’s Tachyon allow you to put in safeguards against the known attack vectors. The baseline is known to good ATM machines which don’t allow any interactive installs without proper authorization. Tachyon has the ability to run in memory of the ATM's computer allowing control over the ATM even if the hard drive is removed. (This is one of the types of attacks) Tachyon still has control. To keep the pace of these ever-evolving attacks, SCALE, the native language of Tachyon, has a super lightweight instruction set. It allows you to quickly pivot to meet the demands of any updates to this style of attack.
It’s about losing or gaining the trust of your customer and community. If you do nothing, you'll ultimately land on one of the 24/7 news programs as a victim to this attack. Or, on the flipside, you could ask the media in to show them everything that you are doing to mitigate it.