Money Doesn’t Grow on Trees Except when ATM Jackpotting Attacks.
In ATM Jackpotting Attacks, the attackers usually gain access to the ATM’s software or hardware, either through physical manipulation or by exploiting vulnerabilities remotely. Once they’re in, they can send commands to the ATM to make it dispense cash, just like that.
“Money doesn’t grow on trees”. We have all heard this saying which emphasizes that money does not simply appear, that making a living requires hard work and long hours. But what if this isn’t the case? Cybercriminals are carrying out jackpotting attacks on ATMs that suggest that, yes, money can just appear, and, no, it does not require hard work and long hours – more like a few minutes.
ATM Jackpotting presents an irresistible opportunity for cybercriminals who seek cash. And ATM’s are essentially metal boxes storing large amounts of cash. Therefore, it is no surprise that ATMs are often subject to attacks. Obviously, an attack on an ATM can bring the perpetrator instant rewards – and in substantial amounts. With more than 3.5 million ATMs around the world, hackers are not short of targets. And what better way to attack an ATM than to jackpot it?
How ATMs Provides a Global Attack Surface
ATM Jackpotting is a type of logical attack that instructs the machine to dispense cash at a rapid pace. Such attacks have become more frequent. With the European Association for Secure Transactions (EAST) reporting a 269% increase in logical attacks between 2019 and 2020.
The worldwide presence of ATMs means jackpotting attacks are a global threat. In Europe, Diebold Nixdorf, a leading ATM manufacturer, issued an alert warning about the rising number of jackpotting attacks in 2020. Recently, two individuals were arrested for ATM jackpotting attacks in Europe which saw them steal over $273,000. The Secret Service also issued a warning regarding jackpotting attacks in the United States.
How ATM Jackpotting Attacks Occur?
ATM jackpotting attacks occur through the use of ATM jackpotting software or by utilizing a black box. Both methods require physical access to the machine and the use of hardware attack tools, known as rogue devices. These rogue devices often include USB attack tools, which are designed to bypass traditional endpoint solutions and device controls based on Vendor ID/Product ID detection or broad categories.
In many cases, attackers use seemingly innocent flash drives to deliver powerful payloads, such as injecting keystrokes or executing other malicious actions. These USB attack tools, often available for less than $100 online, are powerful enough to evade most existing security controls, enabling attackers to manipulate the ATM to dispense cash or gain unauthorized access to the system.
The ability of these tools to bypass security protocols makes them a significant threat to ATMs and other connected devices. Once inside, attackers can leverage these tools to exploit vulnerabilities, triggering a jackpotting event where the ATM dispenses large sums of money without authorization, effectively compromising the machine’s integrity.
ATM Malware
ATM Malware attacks are a serious cybersecurity threat. Malware is short for “malicious software,” designed to infiltrate, damage, or gain unauthorized access to computer systems or networks. In an ATM Jackpotting attack, the attacker inserts a USB device ridden with ATM specific malware, such as CutletMaker or Ploutus D, into the ATM’s USB port. The malware instructs the machine to dispense cash which the attacker later collects. Ploutus malware, which first appeared in Mexico in 2013, has generated a loss of more than $450 million globally.
Black Box Attack
The perpetrator attaches a black box (typically a Raspberry Pi device) to the ATM’s internal cash dispenser. The black box relays commands sent from the attacker to the cash dispenser, forcing it to spit out money. As in the malware based method, the hacker (or a trusty accomplice) swiftly comes to pick up the cash.
Research by Positive Technologies found that 69% of ATMs are vulnerable to Black Box Attacks.
ATM’s Lack Sufficient Physical Protection
When conducting a jackpotting attack, attackers need to gain physical access to the ATM. Either by opening the machine’s casing or using specialized tools to connect to its internal components. This, however, is not too much of a challenge. Because, most offsite ATMs lack sufficient physical protection. Once they have access, they install malware or manipulate the ATM’s hardware to gain control over its operations. CCTV vigilance or the eyes of the public are security obstacles that can be easily bypassed.
In addition to attackers’ ability to go unnoticed, their devices, too, perform covertly. ATM jackpotting hardware attack tools operate on the physical layer, which goes uncovered by existing cyber security solutions. The lack of physical layer visibility means that when a rogue device gets inserted into the ATM, it raises no security alarms. If there’s nothing in place to stop the bad guys and their hacking tools, ATM jackpotting attacks become pretty tempting.
How to Protect Your ATMs from Jackpotting Attacks?
Heavy spending on cybersecurity should bring a high return on investment. Yet cyber security gaps limit this, especially in the face of threats like malware or black box attacks used in ATM Jackpotting.
Sepio’s asset risk management (ARM) platform provides a panacea to gaps in network assets visibility. Sepio’s deep visibility capabilities mean no device goes unmanaged. Sepio’s software platform identifies, detects, and handles all IT/OT/IoT devices. Ensuring you are getting the most out of your cybersecurity investments.
Sepio’s seamlessly integrating with existing solutions such as NAC, EPS, SIEM, and SOAR enhancing protection against threats like ATM Jackpotting. Additionally, Sepio’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware. In doing so, Sepio’s enables a Zero Trust Hardware Access approach which stops ATM Jackpotting at the first line of defense.
Sepio’s End Point and Network Asset Risk Management
Sepio’s patented technology ensures full control and visibility of your assets at the Physical Layer. This eliminates the need for traffic monitoring and allows you to locate and validate both known and unknown network assets. By assessing risk, you can prioritize attention to the highest-risk assets, ensuring operational continuity without being kept in the dark.
Sepio has successfully detected and blocked rogue devices at financial institutions. Give us just 24 hours to show you how we can secure your ATMs and stop you from becoming an attacker’s next slot machine.
Mitigate ATM Jackpotting CyberSecurity Risks
Schedule a demo. It will help you understand how to use Sepio’s patented technology to gain control of your asset risks
