ATM cyber security is a critical concern because automated teller machines (ATMs) are susceptible to various attacks, notably jackpotting attacks. Why? Because of the amount of money inside them and how easy it is to reach. Some ATMs are filled with over $2,000 a day. That’s $14,000 a week and $56,000 a month. Even allowing for the money going out through transactions, that is still a hefty sum of money.
Given the lucrative nature of ATMs, they become a primary focus for cybercriminals aiming to capitalize on illicit financial gains. Effective ATM network security software is essential to mitigate these risks and safeguard the integrity of the financial system.
In 2008, the estimated sum of money lost to ATM attacks was over $1 billion. That sum is likely to have increased as hackers’ skills improve and their methods of going undetected become more sophisticated.
ATM fraud not only results in financial losses but also damages the reputation and customer loyalty of financial institutions. ATM security related fraud increased by 26% from 2015 to 2016, indicating the critical need for ATM security solutions (Cybersecurity for Financial Institutions).
Types of ATM Cyberattacks and Security Threats
ATM cyberattacks take various forms, reflecting the diverse tactics cybercriminals employ to compromise these financial machines. Some common types of cyberattacks on ATMs include:
ATM Specific Malware
Malicious software (malware) can be injected directly into an ATM, either through physical access to the machine or by exploiting vulnerabilities in its software. Once installed, the malware can manipulate the ATM’s operations for fraudulent transactions (e.g., CutletMaker, Ploutus D, ATM Proxy).
Specific Hardware – ATM Black Box Attacks
ATM Black Box Attacks involve infecting an ATM with malware that manipulates its software, allowing cybercriminals to force the machine to dispense large amounts of cash. This can occur through physical access or by exploiting vulnerabilities in the ATM security software.
Specific Hardware – Network Implants
Hackers utilize rogue devices, such as network implants, to intercept or manipulate ATM communications with financial institutions. These devices, often invisible to traditional ATM security software, allow cybercriminals to execute attacks remotely, enhancing their anonymity.
Rogue Devices and ATM Cyber Security
In all of the attack methods above, hackers use hardware devices known as rogue devices, either to trigger the ransomware or to carry out a MiTM attack over the USB or the Ethernet interface. These rogue device attacks occur on the physical layer, making them undetectable by ATM security software and ATM network security solutions. The sophistication of these devices allows bad actors to carry out their attacks remotely, increasing their anonymity and reducing the risk of being caught.
By attaching a spoofed peripheral to the ATM’s cash dispenser, the perpetrator can send cash dispensing commands, bypassing the need for a card or transaction authorization. This is called a black box attack. Its primary limitation is that it requires physical access to the ATM internals for the installation of the black box or keyboard. As attackers find that gaining physical access to the internals of the ATM is becoming more challenging, they have introduced a new method of attack: external network implants, which are becoming more popular and further complicate ATM security.
In most cases these implants are off-the-shelf devices, mainly cellular routers, modified so that they operate in “transparent/bridge” mode without any layer 2 (MAC) presence. As such, they cannot be picked up by NAC/IDS security solutions (Moving Beyond NACs).
ATM Network Cyber Security
A key challenge for IT teams is achieving complete network visibility into their hardware assets. Without effective ATM cyber security solutions, attackers can exploit network blind spots, particularly through USB and network interfaces, especially in today’s complex IT/OT/IoT landscape. This lack of visibility weakens the enforcement of hardware access policies, potentially leading to serious ATM cyber security incidents such as ransomware attacks and data leakage.
To address this challenge, you need ultimate visibility into your network hardware assets, regardless of their characteristics and the interface attackers use to connect them. Moreover, it is important to be practical and adjust to the dynamic cybersecurity defenses put in place to block them. Attackers exploit the network’s “blind” spots, primarily through USB Human Interface Device (HID) emulating devices or physical layer network implants.
Endpoint and Network Security with Sepio
In addition to physical layer verification, a comprehensive policy enforcement mechanism outlines best practices for ATM security. This allows administrators to set strict or more granular rules for enforcement. It ensures robust protection against potential threats.
The Sepio platform is revolutionizing the cybersecurity industry by uncovering hidden hardware attacks that operate over network and USB interfaces.
Sepio’s solution identifies, detects, and manages all peripherals, ensuring no device goes unmanaged. It creates a digital fingerprint using the device descriptors of all connected peripherals and compares them against a known set of malicious devices, automatically blocking any potential attacks. Leveraging machine learning, the security software analyzes device behavior to detect anomalies, such as a mouse functioning as a keyboard.
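A minimal sketch of the descriptor-based check described above, as an added example that is not Sepio's code: it parses raw USB device and configuration descriptors, hashes them into a fingerprint, and flags a peripheral declared as a mouse that also exposes a HID boot-keyboard interface. The sample descriptors, the VID/PID, the denylist and the names `assess`, `parse_interfaces` and `expected_role` are constructed for illustration.

```python
import hashlib
import struct

HID_CLASS, BOOT_SUBCLASS = 0x03, 0x01
ROLE = {1: "keyboard", 2: "mouse"}  # HID boot-interface protocol codes

def parse_device(desc):
    """Return (idVendor, idProduct, bcdDevice) from an 18-byte device descriptor."""
    if len(desc) != 18 or desc[0] != 18 or desc[1] != 0x01:
        raise ValueError("not a USB device descriptor")
    return struct.unpack_from("<HHH", desc, 8)

def parse_interfaces(config):
    """Walk a configuration descriptor blob and collect the
    (class, subclass, protocol) triple of every interface (type 0x04)."""
    triples, i = [], 0
    while i + 2 <= len(config):
        length, dtype = config[i], config[i + 1]
        if length < 2 or i + length > len(config):
            raise ValueError("malformed descriptor chain")
        if dtype == 0x04 and length >= 9:
            triples.append(tuple(config[i + 5:i + 8]))
        i += length
    return triples

def assess(device_desc, config_desc, expected_role, denylist=frozenset()):
    """Fingerprint one peripheral and list policy findings (assumed policy)."""
    ids, ifaces = parse_device(device_desc), parse_interfaces(config_desc)
    canon = "%04x:%04x:%04x|" % ids + ",".join(
        "%02x%02x%02x" % t for t in sorted(ifaces))
    fp = hashlib.sha256(canon.encode()).hexdigest()
    findings = ["fingerprint on denylist"] if fp in denylist else []
    roles = {ROLE[p] for c, s, p in ifaces
             if c == HID_CLASS and s == BOOT_SUBCLASS and p in ROLE}
    for extra in sorted(roles - {expected_role}):
        findings.append("declared %s also exposes a HID %s interface"
                        % (expected_role, extra))
    return fp, findings

# Constructed sample descriptors (hypothetical VID 0x1234 / PID 0xabcd).
def _hid_if(num, proto):
    return (bytes([9, 4, num, 0, 1, HID_CLASS, BOOT_SUBCLASS, proto, 0])
            + bytes.fromhex("092111010001223400")   # HID class descriptor
            + bytes([7, 5, 0x81 + num, 3, 8, 0, 10]))  # interrupt IN endpoint

DEVICE = bytes.fromhex("1201 0002 0000 0008 3412 cdab 0001 0102 0001")
MOUSE_CFG = bytes.fromhex("09022200010100a032") + _hid_if(0, 2)
ROGUE_CFG = bytes.fromhex("09023b00020100a032") + _hid_if(0, 2) + _hid_if(1, 1)

if __name__ == "__main__":
    for cfg in (MOUSE_CFG, ROGUE_CFG):
        print(assess(DEVICE, cfg, "mouse"))
```

The check only classifies interfaces that advertise the HID boot subclass; a device that uses report protocol alone would need its report descriptor parsed to determine its role.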
Strengthen Your ATM Cyber Security
Gain complete visibility of every known and shadow asset. Prioritize and mitigate risks effectively. Schedule a demo and discover how to leverage Sepio’s patented technology to manage your asset risks in the realm of ATM cyber security.