Hitting the ‘Jackpot’ With ATMs

Money doesn’t grow on trees

“Money doesn’t grow on trees”. We have all heard this saying which emphasizes that money does not simply appear, that making a living requires hard work and long hours. But what if this isn’t the case? Cybercriminals are carrying out jackpotting attacks on ATMs that suggest that actually, yes, money can just appear, and, no, it does not require hard work and long hours – more like a few minutes.

See a penny ATM, pick it up, attack it

ATMs are valuable targets for financially motivated cybercriminals; they are essentially metal boxes storing large amounts of cash. It is, therefore, no surprise that ATMs are often subject to attack. An attack on an ATM can bring the perpetrator instant rewards – and in substantial amounts. With more than 3.5 million ATMs around the world, malicious actors are not short of targets. And what better way to attack an ATM than to jackpot it?

A global attack surface

Jackpotting is a type of logical ATM attack that instructs the machine to dispense cash at a rapid pace. Such attacks have become more frequent, with the European Association for Secure Transactions (EAST) reporting a 269% increase in logical attacks between 2019 and 2020. The worldwide presence of ATMs means jackpotting attacks are a global threat. In Europe, Diebold Nixdorf, a leading ATM manufacturer, issued an alert warning about the rising number of jackpotting attacks in 2020. Last month, two individuals were arrested for jackpotting attacks in Europe which saw them steal over $273,000. The Secret Service also issued a warning regarding jackpotting attacks in the United States.

Taking over

Jackpotting attacks occur in one of two ways: through malware or using a black box. Both methods require physical access to the machine and the use of hardware attack tools, known as rogue devices.

Malware

The attacker inserts a USB device loaded with ATM-specific malware, such as CutletMaker or Ploutus D, into the ATM’s USB port. The malware instructs the machine to dispense cash, which the attacker later collects. Ploutus, which first appeared in Mexico in 2013, has generated a loss of more than $450 million globally.
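As an added example (not part of the original article and not Sepio's code), the code below audits USB connection events from an ATM against an approved-device baseline, the host-side check that corresponds to the USB-borne malware scenario above. The event fields, baseline entries and maintenance window are constructed for illustration; because USB descriptors are self-reported by the device, this catches unapproved or out-of-window hardware but not a device that impersonates an approved one.

```python
from datetime import datetime

MASS_STORAGE = 0x08  # USB-IF base class code for mass storage

# Constructed baseline: (vendor id, product id, serial) of approved peripherals.
BASELINE = {
    (0x1234, 0x0001, "PINPAD-001"),
    (0x1234, 0x0002, "READER-001"),
}

# Constructed maintenance window during which a technician may attach hardware.
MAINTENANCE = [(datetime(2021, 6, 1, 9, 0), datetime(2021, 6, 1, 11, 0))]

# Constructed sample events, as a log collector might normalise them.
EVENTS = [
    {"time": datetime(2021, 6, 1, 9, 30), "vid": 0x1234, "pid": 0x0001,
     "serial": "PINPAD-001", "dev_class": 0x03},
    {"time": datetime(2021, 6, 2, 2, 14), "vid": 0xABCD, "pid": 0x5678,
     "serial": "", "dev_class": MASS_STORAGE},
    {"time": datetime(2021, 6, 2, 2, 20), "vid": 0x1234, "pid": 0x0002,
     "serial": "READER-001", "dev_class": 0x0B},
]


def in_maintenance(ts, windows=MAINTENANCE):
    return any(start <= ts <= end for start, end in windows)


def audit(events, baseline=BASELINE, windows=MAINTENANCE):
    """Return (event index, reasons) for every connection that breaks policy."""
    findings = []
    for i, ev in enumerate(events):
        reasons = []
        if (ev["vid"], ev["pid"], ev["serial"]) not in baseline:
            reasons.append("device not in approved baseline")
        if ev["dev_class"] == MASS_STORAGE:
            reasons.append("mass-storage device attached")
        # Even an approved peripheral re-enumerating at 02:20 means it was unplugged.
        if not in_maintenance(ev["time"], windows):
            reasons.append("connected outside maintenance window")
        if reasons:
            findings.append((i, reasons))
    return findings


if __name__ == "__main__":
    for idx, reasons in audit(EVENTS):
        print(EVENTS[idx]["time"].isoformat(), "; ".join(reasons))
```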

Black box

The perpetrator attaches a black box (typically a Raspberry Pi device) to the ATM’s internal cash dispenser. The black box relays commands sent from the attacker to the cash dispenser, forcing it to spit out money. As in the malware-based method, the malicious actor (or a trusty accomplice) swiftly comes to pick up the cash. Research by Positive Technologies found that 69% of ATMs are vulnerable to black box attacks.

Invisibility appeal

Attackers need to gain physical access to the ATM when conducting a jackpotting attack. This, however, is not too much of a challenge. Most offsite ATMs lack sufficient physical protection, relying mainly on CCTV and the prying eyes of the public – obstacles that can easily be bypassed.

In addition to attackers’ ability to go unnoticed, their devices, too, perform covertly. Hardware attack tools operate on the Physical Layer (L1), which is not covered by existing security solutions. The lack of Physical Layer (L1) visibility means that when a rogue device gets inserted into the ATM, it raises no security alarms.

With no security measures stopping the malicious actor or their attack tools, one can see the appeal of an ATM jackpotting attack.

Get your money’s worth

Heavy spending on cybersecurity should bring a high return on investment, yet gaps in visibility limit this. Sepio’s Hardware Access Control (HAC-1) solution provides a panacea to gaps in device visibility to ensure you are getting the most out of your cybersecurity investments. HAC-1 integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance the organization’s cybersecurity posture. HAC-1’s deep visibility capabilities mean no device goes unmanaged; the solution identifies, detects, and handles all IT/OT/IoT devices. Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware. In doing so, ultimately, HAC-1 enables a Zero Trust Hardware Access approach which stops attackers at the first line of defense.

HAC-1 has successfully detected and blocked rogue devices at top tier banks’ ATMs. Give us just 24 hours to show you how we can protect your ATMs and stop you from becoming an attacker’s next slot machine.

The Sepio platform uses a novel algorithm that combines a physical layer fingerprinting module with a Machine Learning module to provide the sought-after level of visibility and enforcement. It is further augmented by a threat intelligence database, ensuring a lower-risk hardware infrastructure.

Sepio Hardware Access Control (HAC-1) provides 100% hardware device visibility.

HAC-1 enables Hardware Access Control by setting rules based on the devices’ characteristics.

HAC-1 instantly detects any devices which breach the set rules and automatically blocks them to prevent malicious attacks.

The idea is to Verify and then Trust that those assets are what they say they are.

With greater visibility, the zero-trust architecture can make access decisions with complete information, thus enhancing the enterprise’s protection within, and outside of, its traditional perimeters.

The Hardware Access Control capabilities of HAC-1 block Rogue Devices as soon as they are detected.

Our HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.

Physical Layer Fingerprinting

Sepio is the only company in the world to undertake Physical Layer fingerprinting. HAC-1 detects and handles all peripherals; no device goes unmanaged.

With this total visibility, a stronger cyber security posture is achieved. There is no longer a need to rely on manual reporting or employee compliance. Sepio manages security and provides answers to questions such as:

  • Do we have an implant or spoofed device in our network?
  • How many IoT devices do we have?
  • Who are the top 5 vendors for devices found in our network?
  • Where are the most vulnerable switches in our network?

Having visibility across all hardware assets provides a more comprehensive cyber security defense. It reduces the risk of a hardware attack being successful and of our private health data being stolen.

Founded in 2016 by cybersecurity industry veterans from the Israeli Intelligence community, Sepio’s HAC-1 is the first hardware access control platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT and IoT security programs.

Sepio’s hardware fingerprinting technology discovers all managed, unmanaged and hidden devices that are otherwise invisible to all other security tools. Sepio is a strategic partner of Munich Re, the world’s largest re-insurance company, and Merlin Cyber, a leading cybersecurity federal solution provider.

Sepio supporting compliance

Sepio’s Hardware Access Control (HAC-1) solution provides entities with the Physical Layer coverage they need to obtain complete device visibility and, in doing so, also provides protection against hardware-based attacks. As the leader in Rogue Device Mitigation (RDM), Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.

HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of each device and compares it against known fingerprints.

In doing so, HAC-1 is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure. In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policies and allows the administrator to define a strict, or more granular, set of rules for the system to enforce. When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process that instantly blocks unapproved or Rogue hardware.

Furthermore, HAC-1’s RDM capabilities support compliance with Section 8 of the EO, which concerns the government’s investigative and remediation capabilities.

Section 8 focuses on enhancing data collection efforts in order to improve the investigation and remediation processes following an incident.

HAC-1 logs all hardware asset information and usage and maintains such data for a period defined by the system administrator.
