ATM Cyber Security: Automated teller machines (ATMs) are a prime target for hackers, who carry out attacks such as ATM jackpotting. Why? Because of the amount of money inside them and the easy access to it. Some ATMs are filled with over $2,000 a day. That’s $14,000 a week, and $56,000 a month. Give or take the money going out from transactions, that is still a hefty sum of money.
Eleven years ago, in 2008, the estimated sum of money lost to ATM attacks was over $1 billion. That sum is likely to have increased as hackers’ skills improve and the ways in which they go undetected become more sophisticated. Financial losses are not the only cost: ATM fraud also brings a loss of reputation and customer loyalty. ATM cyber security related fraud increased by 26% from 2015 to 2016, with 23,588 attacks in the latter year, indicating the critical need for asset risk management for financial institutions.
Cyberattacks on ATMs can Come in Many Shapes and Forms
ATM Specific Malware – i.e., CutletMaker, Ploutus D, ATM Proxy.
Specific Hardware – ATM Black Box Attacks
Specific Hardware – Network Implants
ATM Cyber Security: Defending Against Rogue Devices and Black Box Attacks
In each of the cyberattack methods above, hackers use hardware devices known as rogue devices, either to trigger the ransomware or to mount a MiTM attack over the USB or the Ethernet interface. These devices pose a significant threat to ATM cyber security.
Attackers use rogue devices as a tool for their attacks, benefiting from the invisibility these devices provide. Rogue device attacks occur on the Physical Layer, making them undetectable by security software solutions. The sophistication of these devices allows bad actors to carry out their attacks remotely, increasing their anonymity and reducing the risk of being caught.
By attaching a spoofed peripheral to the ATM’s cash dispenser, the perpetrator can send cash dispensing commands, bypassing the need for a card or transaction authorization. This is called a black box attack. Its primary limitation is that it requires physical access to the ATM internals for the installation of the black box or keyboard. As attackers find that gaining physical access to the internals of the ATM is becoming more challenging, they have introduced a new method of attack: external network implants, which are becoming more popular and further complicate ATM cyber security. They are in most cases off-the-shelf devices, mainly cellular routers, modified so that they operate in “transparent/bridge” mode without any L2 (MAC) presence. As such, they cannot be picked up by NAC/IDS solutions (Moving Beyond NACs).
Enhancing ATM Cyber Security with Sepio
Enterprises’ IT and security teams often struggle to provide complete and accurate visibility into their hardware assets, especially in today’s extremely challenging IT/OT/IoT environment. This lack of visibility leads to weakened policy enforcement of hardware access, which may result in ATM cyber security incidents such as ransomware attacks, data leakage, etc.
To address this challenge, you need ultimate visibility into your hardware assets, regardless of their characteristics and the interface attackers use for connection. Moreover, it is important to be practical and to account for how attackers adjust to the dynamic cybersecurity defenses put in place to block them and take advantage of the “blind” spots, mainly through USB Human Interface Device (HID) emulating devices or Physical layer network implants.
Securing Hardware Assets with Sepio
In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best practices for ATM cyber security policy and allows the administrator to define a strict, or more granular, set of rules for the system to enforce.
Sepio is the leader in the Rogue Device Mitigation (RDM) market and is disrupting the cybersecurity industry by uncovering hidden hardware attacks operating over network and USB interfaces.
Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged. The only company in the world to undertake physical layer visibility fingerprinting, Sepio calculates a digital fingerprint using the device descriptors of all connected peripherals and compares them against a known set of malicious devices, automatically blocking any attacks. With Machine Learning, the software analyses device behavior to identify abnormalities, such as a mouse acting as a keyboard.
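The idea of fingerprinting device descriptors and comparing them against known devices can be illustrated with a short added example; it is not Sepio's code or algorithm. It assumes descriptors are already available as dictionaries, hashes them with SHA-256, and uses a static descriptor rule (a product named as a mouse that exposes a keyboard interface) in place of behavior analysis; all function names, IDs and strings are hypothetical.

```python
import hashlib

# HID class code and boot-interface protocol codes from the USB HID specification.
HID_CLASS, PROTO_KEYBOARD, PROTO_MOUSE = 0x03, 0x01, 0x02

def fingerprint(dev):
    """SHA-256 over descriptor fields; interface order is normalised first."""
    ifaces = ",".join(f"{c:02x}:{s:02x}:{p:02x}" for c, s, p in sorted(dev["interfaces"]))
    canon = "|".join([f"{dev['idVendor']:04x}", f"{dev['idProduct']:04x}",
                      f"{dev['bcdDevice']:04x}", dev["manufacturer"],
                      dev["product"], ifaces])
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def assess(dev, known_bad, approved):
    """Return (verdict, reasons): block, review or allow."""
    fp, reasons = fingerprint(dev), []
    if fp in known_bad:
        reasons.append("fingerprint matches a known-malicious device")
    hid_protocols = {p for c, _, p in dev["interfaces"] if c == HID_CLASS}
    if "mouse" in dev["product"].lower() and PROTO_KEYBOARD in hid_protocols:
        reasons.append("declared as a mouse but exposes a keyboard interface")
    if reasons:
        return "block", reasons
    if fp not in approved:
        return "review", ["fingerprint not in the approved inventory"]
    return "allow", []

# Constructed sample descriptors (all IDs and strings are made up for illustration).
MOUSE = {"idVendor": 0x1234, "idProduct": 0x0001, "bcdDevice": 0x0100,
         "manufacturer": "Example Corp", "product": "Example Optical Mouse",
         "interfaces": [(HID_CLASS, 0x01, PROTO_MOUSE)]}
SPOOFED = dict(MOUSE, interfaces=[(HID_CLASS, 0x01, PROTO_MOUSE),
                                  (HID_CLASS, 0x01, PROTO_KEYBOARD)])
KNOWN_TOOL = {"idVendor": 0x1234, "idProduct": 0x00ff, "bcdDevice": 0x0001,
              "manufacturer": "Example Lab", "product": "Example Serial Adapter",
              "interfaces": [(0x02, 0x02, 0x01)]}
UNLISTED = dict(MOUSE, idProduct=0x0002, product="Example Trackball")

APPROVED = {fingerprint(MOUSE)}
KNOWN_BAD = {fingerprint(KNOWN_TOOL)}

if __name__ == "__main__":
    for d in (MOUSE, SPOOFED, KNOWN_TOOL, UNLISTED):
        print(d["product"], "->", assess(d, KNOWN_BAD, APPROVED))
```

A descriptor-only check like this sees nothing of a network implant with no L2 presence, which is why the text treats physical layer visibility as a separate requirement.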
See every known and shadow asset. Prioritize and mitigate risks.
Talk to an expert to understand how to use Sepio’s patented technology to gain control of your asset risks in the context of ATM cyber security.