I began telling this story about Jackpotting and overall ATM security in my first blog post. To recap, Jackpotting is a multi-tiered attack against ATM machines with the goal of stealing money from the machine, not the retail customer, but it’s not your grandfather’s ATM attack.
I have to chuckle when I read headlines like this: Suspects fail to steal ATM, successful in making huge mess.
What the idiots in the above story didn’t realize is that the machines have GPS trackers! If they were able to get this into their van, they would have gotten a surprise! Don’t be fooled by this story, however. Today’s ATM attackers are much more sophisticated. Unfortunately, most owners of ATMs have not adapted as quickly. There is a large gap between understanding what needs to be done and then applying the proper tools that prevent the attacks to begin with. We’ve seen it again and again, but the mentality behind security has to change from “if” to “when”.
Napoleon famously said, “Don’t fight the same enemy too many times, as they will learn all of your tactics”. I believe this quote really holds a lot of relevance here. The evolution of the criminals attacking ATMs has had many faces and has been evolving for a long time, but the latest software driven attacks are more “elegant”. There is no brute force attack, but rather a subtle attack that involves thought, skill, timing and social engineering. Hackers are extremely patient. These attacks can be in plain sight— and don’t think you’re excluded! These attacks are happening to the big banks as well as the stand-alone ATMs found in a mini-mart or gas station. No company is immune. That’s right, I said “company”. That’s because this is not a direct attack against the consumer – your customer. This is not a skimming attack. This is a software attack, and it starts with your operating system.
Reacting to the threat:
So, you still have a fleet of Windows XP-powered ATM machines? The frightening thing is that you are not alone. Though you might still be getting patched by Microsoft until 2019 on extended support, that leaves still leaves you, well let’s see…. carry the one… hmmm five Windows operating systems versions and 17 years behind. Windows XP was released in 2001. Think about it this way, when is the last time you used a piece of technology that was 17 years old? Even if you have already upgraded your ATM estate with Windows 7, that was released in 2009, it’s now late 2018 and you have been given until 2020 to get to Windows 10 to stay current with Microsoft support model. At this point, it should be one of your main initiatives to push for Microsoft Windows 10. If you own an ATM and are still running Windows 7 or XP, then I have to ask you; what is your plan to get to Windows 10 by 2020? Do you have one?
Before you answer too quickly, keep in mind that getting to Windows 10 is not good enough. How do you plan on staying on Windows 10? This is not Microsoft Windows of old: build an image, deploy, patch and forget. That strategy is no longer valid. To stay within support by Microsoft you will need to deploy the Windows 10 feature packs. How are you planning to do that? You could throw bodies at the upgrade and a subsequent Windows feature pack or you could automate this upgrade. Once the automation framework is built, staying up with Windows feature pack release becomes a streamlined process.
Showing your cards:
So, you are the person that is responsible for ensuring that your organization is secure? What roadmap are you following to ensure your will accomplish your goals in this in this ever-changing matrix of the highest security and providing the highest ease of use and functionality of your ATMs? That really is the true balance of your job, you can’t just build walls to protect the ATMs, you want people to use them and make it as easy as possible to do so, let’s face it; it’s a revenue source for your organization. Where are you on the delivery of the latest, more secure operating system? What else are you doing? Security by obscurity is what the bad guys are counting on. What are you doing to stop them?
The first building block from securing the ATM from a software standpoint the move to Windows 10. Ideally, you need a repeatable framework that not only gets you to Windows 10 but more easily keeps you there. If you are managing your ATM estate with SCCM, products like the Windows Servicing Suite from 1E maybe the solutions to automate the operating system upgrade with a repeatable framework.
The next step to look at after this upgrade is real-time visibility to all your ATMs no matter where they are. Then, not only having the real-time visibility, be able to react and resolve in that same real time.
I will be talking about those next building blocks around the real-time visibility and remediation in my next blog, so stay tuned.