The year 2018 started on a sober note, with ATM jackpotting hitting US cities. The Secret Service came into action after reports of jackpotting, an attack that lets anyone steal money from ATMs. This was something new for the United States, and it put ATM security in question.
To execute the attack, a thief needs physical access to an ATM and will use malware, physical hacking tools, or both to take control of the machine and force it to dispense cash quickly. If it works, cash pours out of the ATM as if the hacker had won a jackpot.
Criminals target stand-alone ATMs, since they had found vulnerabilities in the financial institutions that operate these ATMs. The targeted stand-alone ATMs are placed near big-box retailers and pharmacies, and include drive-thru ATMs.
According to reports, thieves stole over $1 million in attacks during the initial days. Most reported cases ranged from the Pacific Northwest to New England.
The Secret Service said criminals associated with ATM jackpotting can be individuals or organized crime groups.
ATM makers Diebold Nixdorf and NCR Corporation confirmed they have alerted clients to the potential jackpotting attacks. A spokesperson for Diebold Nixdorf said older Diebold units are being targeted.
Threat Assessment
Most ATMs run on Windows 7 or Windows XP and are carefully locked down. In the current scenario, all ATM types are at risk, as the defect is hardware-related and not an OS vulnerability. The encryption keys that ATMs rely on for transactions are held inside the EPP (encrypting PIN pad) and are consequently unaffected by the new attack methods.
However, this does not mean ATMs are safe and cannot be attacked. If an attacker is able to plant malware on the ATM, it would be possible to access sensitive information (such as the account number on a customer’s card) and potentially passwords, such as an ATM supervisor login password, that might be held transiently in memory.
The wonders of whitelisting versus the ‘antis’ of antivirus: most ATMs are safe from malware because they use whitelisting, which automatically prevents the ATM from running unrecognized programs and scripts. Whitelisting blocks any new malware from being executed on an ATM and represents an excellent first defense.
Nevertheless, not all ATMs use whitelisting. Some use antivirus software, while some use no malware protection at all. Antivirus can never be a good thing for ATM protection, and jackpotting clearly proves why.
As this threat is very new, AV software does not yet include the signatures needed to identify it. At a minimum, the AV signatures on ATMs would have to be updated, but this is hard to do, since the actual malware written to implement these threats has not yet been identified.
What is more interesting is that when Microsoft releases a new patch for Windows, the AV software will block it and not let it access the CPU. So the AV itself makes the ATM vulnerable, and in such instances the bank should implement whitelisting.
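The contrast between signature-based antivirus and whitelisting described above, as an added example that is not part of the original article. It models AV as a hash denylist (a simplification; real products also use heuristics) and whitelisting as a hash allowlist; all sample names and contents are constructed.

```python
import hashlib

def digest(image: bytes) -> str:
    """SHA-256 of a program image, used as its identity by both controls."""
    return hashlib.sha256(image).hexdigest()

# Constructed sample program images (placeholders, not real binaries).
SAMPLES = {
    "atm_app_v1": b"vendor ATM application, build 1",
    "atm_app_v2": b"vendor ATM application, build 2 (patched)",
    "old_malware": b"malware already catalogued by the AV vendor",
    "new_malware": b"jackpotting tool with no published signature",
}

# Signature-based AV modelled as a hash denylist: anything unlisted runs.
AV_SIGNATURES = {digest(SAMPLES["old_malware"])}
# Whitelisting modelled as a hash allowlist: anything unlisted is blocked.
ALLOWLIST = {digest(SAMPLES["atm_app_v1"])}

def av_permits(image: bytes, signatures=AV_SIGNATURES) -> bool:
    return digest(image) not in signatures

def allowlist_permits(image: bytes, allowlist=ALLOWLIST) -> bool:
    return digest(image) in allowlist

def approve(image: bytes, allowlist) -> set:
    """Return a new allowlist including an image vetted through change control."""
    return set(allowlist) | {digest(image)}

def decisions(allowlist=ALLOWLIST) -> dict:
    """Map each sample name to (AV permits?, allowlist permits?)."""
    return {name: (av_permits(img), allowlist_permits(img, allowlist))
            for name, img in SAMPLES.items()}

if __name__ == "__main__":
    for name, (av, wl) in decisions().items():
        print(f"{name:12} av={'run' if av else 'block':5} "
              f"allowlist={'run' if wl else 'block'}")
```

The unseen sample passes the denylist but is stopped by the allowlist. The patched build is also blocked until it is explicitly approved, so allowlist updates have to be part of the patch process.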
Admin Access
Who needs admin access the most? Whitelisting can be compromised by bank staff who can amend the settings, so it is wise not to give anybody admin rights on ATMs. Let all maintenance on ATMs be done through standard practices and privileges. Even so, many banks allow it to happen by giving admin rights to a few people, who manage to install malware.
The irony is that some ATMs are still running Windows XP, and Microsoft has long since stopped creating patches for XP. So if a bank is running its ATMs on Windows XP, it should immediately get in touch with Microsoft to obtain patches and fix the vulnerability.
One might ask why we need to worry when Windows 10 patches are available. The reason is that many banks still run their ATMs on unsupported 32-bit Windows, so it is difficult to say when patches for them will be available from Microsoft.
As we write this, the most crucial point is that ATM security has a wide range of unique aspects. By concentrating on what is important and applying all available security measures, banks can stay ahead and keep themselves safe when a new threat emerges.