ATM Cyber Security

ATM Cyber Security Network Software

ATM cyber security is a critical concern because automated teller machines (ATMs) are susceptible to various attacks, notably ATM jackpotting attacks. Why? The amount of money inside them and the ease of access to it. Some ATMs are filled with over $2,000 a day. That’s $14,000 a week and $56,000 a month. Give or take the money going out from transactions, that is still a hefty sum of money. Given the lucrative nature of ATMs, they become a primary focus for cybercriminals aiming to capitalize on illicit financial gains. Effective ATM network security software is essential to mitigate these risks and safeguard the integrity of the financial system.

Eleven years ago, in 2008, the estimated sum of money lost to ATM attacks was over $1 billion. That sum is likely to have increased as hackers’ skills improve and the ways in which they go undetected become more sophisticated.

Financial losses are not the only cost. A loss of reputation and customer loyalty comes with ATM fraud. ATM cyber security related fraud increased by 26% from 2015 to 2016, with 23,588 attacks in the latter year, indicating the critical need for asset risk management for financial institutions.

Cyberattacks on ATMs can Come in Many Shapes and Forms

Cyberattacks on ATMs can manifest in various shapes and forms, reflecting the diverse tactics employed by cybercriminals to compromise these financial machines. Some common types of cyberattacks on ATMs include:

ATM Specific Malware – i.e., CutletMaker, Ploutus D, ATM Proxy

Malicious software (Malware) can be injected directly into an ATM, either through physical access to the machine or by exploiting vulnerabilities in its software. Once installed, the malware can manipulate the ATM’s operations for fraudulent transactions.

Specific Hardware – ATM Black Box Attacks

ATM Black Box Attacks involve infecting an ATM with malware that manipulates its software, allowing cybercriminals to force the machine to dispense large amounts of cash. This can occur through physical access or by exploiting vulnerabilities in the ATM security software.

Specific Hardware – Network Implants

Cybercriminals may target the network infrastructure connecting ATMs to financial institutions. This can involve exploiting vulnerabilities in network protocols, using malware to intercept or manipulate transactions, or launching denial-of-service attacks to disrupt services.

ATM Cyber Security: Defending Against Rogue Devices and Black Box Attacks

In any of the above cyberattack methods, hackers use hardware devices known as Rogue Devices, either for triggering the ransomware or as a MiTM attack over the USB or the Ethernet interface. These devices pose a significant threat to ATM cyber security.

Attackers use rogue devices as a tool for their attacks, benefiting from the invisibility these devices provide. Rogue device attacks occur on the Physical Layer, making them undetectable by ATM security software and ATM network security solutions. The sophistication of these devices allows bad actors to carry out their attacks remotely, increasing their anonymity and reducing the risk of being caught.

By attaching a spoofed peripheral to the ATM’s cash dispenser, the perpetrator can send cash dispensing commands, bypassing the need for a card or transaction authorization. This is called a black box attack. Its primary limitation is that it requires physical access to the ATM internals for the installation of the black box or keyboard. As attackers discover that gaining physical access to the internals of the ATM is becoming more challenging, they have introduced a new method of attack: external network implants, which are becoming more popular and further complicate ATM cyber security.

In most cases they are off-the-shelf devices, mainly cellular routers, modified so that they operate in “transparent/bridge” mode without any layer 2 (MAC) presence. As such, they cannot be picked up by NAC/IDS solutions (Moving Beyond NACs).

Enhancing ATM Cyber Security with Sepio

Enterprises’ IT and security teams often struggle to provide complete and accurate visibility into their hardware assets, especially in today’s extremely challenging IT/OT/IoT environment. This lack of visibility leads to weakened enforcement of hardware access policy, which may result in ATM cyber security incidents such as ransomware attacks, data leakage, etc.

To address this challenge, you need ultimate visibility into your hardware assets, regardless of their characteristics and the interface used for connection by attackers. Moreover, it is important to be practical and adjust to the dynamic cybersecurity defenses put in place to block them, as well as take advantage of the “blind” spots – mainly through USB Human Interface Device (HID) emulating devices or physical layer network implants.

Securing Hardware Assets with Sepio

In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best practices for ATM cyber security policy and allows the administrator to define a strict, or more granular, set of rules for the system to enforce.

Sepio is the leader in the Rogue Device Mitigation (RDM) market and is disrupting the cybersecurity industry by uncovering hidden hardware attacks operating over network and USB interfaces.

Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged. The only company in the world to undertake physical layer visibility fingerprinting, Sepio calculates a digital fingerprint using the device descriptors of all connected peripherals and compares them against a known set of malicious devices, automatically blocking any attacks. With Machine Learning, the security software analyzes device behavior to identify abnormalities, such as a mouse acting as a keyboard.
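To make the descriptor-fingerprinting idea concrete, here is an added example (not Sepio's code or algorithm) that hashes the identity fields of raw USB descriptors, checks the hash against a denylist, and flags a peripheral inventoried as a mouse that also declares a keyboard interface. The function names, the SHA-256 fingerprint layout, the inventory role and the sample descriptors (VID 0x1234, PID 0x5678) are assumptions constructed for illustration.

```python
import hashlib
import struct

HID_CLASS, BOOT_SUBCLASS, KEYBOARD, MOUSE = 0x03, 0x01, 0x01, 0x02

def interfaces(config: bytes) -> list:
    """Walk a configuration descriptor blob; return (class, subclass, protocol) per interface."""
    found, i = [], 0
    while i < len(config):
        if i + 2 > len(config) or config[i] < 2 or i + config[i] > len(config):
            raise ValueError(f"malformed descriptor at offset {i}")
        length, dtype = config[i], config[i + 1]
        if dtype == 0x04 and length >= 9:          # INTERFACE descriptor
            found.append(tuple(config[i + 5:i + 8]))
        i += length
    return found

def fingerprint(device: bytes, config: bytes) -> str:
    """SHA-256 over identity fields of the 18-byte device descriptor plus interface triples."""
    if len(device) != 18 or device[1] != 0x01:
        raise ValueError("not a USB device descriptor")
    f = struct.unpack("<BBHBBBBHHHBBBB", device)
    identity = (f[7], f[8], f[9], f[3:6], sorted(interfaces(config)))  # VID, PID, bcdDevice, class
    return hashlib.sha256(repr(identity).encode()).hexdigest()

def assess(device: bytes, config: bytes, inventoried_as: str, denylist: set) -> list:
    """Return findings for one attached peripheral (empty list means nothing flagged)."""
    findings = []
    if fingerprint(device, config) in denylist:
        findings.append("fingerprint matches known-bad device")
    has_kbd = (HID_CLASS, BOOT_SUBCLASS, KEYBOARD) in interfaces(config)
    if inventoried_as == "mouse" and has_kbd:
        findings.append("device inventoried as mouse exposes a keyboard interface")
    return findings

# Constructed sample descriptors (VID 0x1234 / PID 0x5678 are made-up values).
def _iface(num, proto):
    return bytes([9, 4, num, 0, 1, HID_CLASS, BOOT_SUBCLASS, proto, 0])
def _config(*ifaces):
    body = b"".join(ifaces)
    return bytes([9, 2]) + struct.pack("<H", 9 + len(body)) + bytes([len(ifaces), 1, 0, 0xA0, 50]) + body

DEVICE = struct.pack("<BBHBBBBHHHBBBB", 18, 1, 0x0200, 0, 0, 0, 8, 0x1234, 0x5678, 0x0100, 1, 2, 0, 1)
PLAIN_MOUSE = _config(_iface(0, MOUSE))
MOUSE_PLUS_KEYBOARD = _config(_iface(0, MOUSE), _iface(1, KEYBOARD))

if __name__ == "__main__":
    for cfg in (PLAIN_MOUSE, MOUSE_PLUS_KEYBOARD):
        print(assess(DEVICE, cfg, "mouse", set()))
```

The check only sees interfaces that declare the HID boot keyboard protocol; a device that hides its keyboard behaviour behind a generic HID interface has to be caught from its report descriptor or its runtime behavior instead.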

February 18th, 2020