How to protect ATM from jackpotting: Vynamic Terminal Security

Published: 6 March 2018 y., Tuesday

With the spectacular presentation back in 2010, a well-known computer hacker, Barnaby Jack, shared his forecast about the growth in the number of logical attacks aimed at ATMs around the world. The trick, demonstrated by the established cyber burglar at the Black Hat conference in Las Vegas got the name “jackpotting” and became associated with any fraudulent actions, which resulted the reprogrammed ATM giving out full content of its cassettes to the attackers.

Eight years later, a wave of "jackpot" attacks swept the world: in Japan, Taiwan, Thailand and various parts of Latin America (in particular, in Mexico). Soon the list of countries was replenished with Armenia, Belarus, Great Britain, Bulgaria, Estonia, Georgia, Kyrgyzstan, Malaysia, Moldova, Netherlands, Poland, Romania, Russia and Spain.

A real jackpot for criminals

Technologies used by criminals to organize logical attacks of ATMs are constantly being improved: there is even a so-called Cutlet Maker, a set of tools for hacking, which can be purchased ready-made in the wide space of Darknet.

"This disastrous program is very complex," says Samir Agarwal, vice president of products and general manager, Security and Endpoint Accelerite. "This cunning software even requires an activation code in order to run the program. It is a sort of license key for bad guys as for ordinary legal software. "

The use of such tools practically does not require any special computer knowledge or skills. Cutlet Maker interacts with the software and ATM equipment, almost without encountering any obstacles.


In other cases, the burglars simply remove the ATM’s hard drive, replacing it with a drive that contains the operating system for the ATM along with the malware sometimes even with the copied logo of the ATM original software and particular model. For some machines, they use an endoscope to find the ATM’s diagnostic port, where they plug in a flash drive.



Foto: Result of fraudsters’ work in one European country

A few minutes after the completion of manipulation with the ATM, the second partner, the so-called "mule", approaches the self-service device. The first hacker remotely starts the cash withdrawal scenario, and the "mule" takes all the money from all the cassettes and leaves.

Shortly thereafter, the burglars switch the ATM to normal operation. Using this scenario, at the beginning of this year, more than a million dollars were stolen in the United States. Local law enforcement agencies announced that international criminal groups coordinated the attacks.

So how big is the threat?

Why are ATMs still so vulnerable to logical attacks eight years after the jackpot attracted the attention of ATM manufacturers?

According to Samir Agarwal, everything stops against the need for additional investment. Surprisingly, not all banks are aware of the importance of using solutions that were developed specifically to counter such threats. Some believe that it is enough to use standard antiviruses to protect the computers installed in ATM machines, while others hope for the prompt response of security services monitoring devices using video cameras. The analysis of the consequences of the hacking leads only to one logical conclusion: there is no excessive protection for self-service devices.

In its bulletin issued after a series of logical attacks, Diebold Nixdorf recommends a number of measures to counter the hacking, including restricting access to the ATM, updating the original firmware, monitoring its behavior and suspicious activities, and also, most obviously, updating the operating system, since most compromised ATMs still operate on the basis of the operating system Windows XP, whose support has ceased as early as 2014.

Vynamic™ Security Solution (Terminal Security Suite)

Diebold Nixdorf offers its multivendor software solution to protect against logical and other attacks - Vynamic ™ Security, formerly known as Terminal Security Suite. The solution consists of four modules: Access Protection, Intrusion Protection, Hard Disk Encryption and Fraud Protection.

The multi-level defense system neutralizes the majority of potential threats, including "zero-day attacks" (ie. unknown at the moment). The Terminal Security software package protects ATMs and other devices in real time, implementing the principle of total restriction on the launch of any fraudulent processes and actions. The declared principle of the protective software can be formulated as follows: only repeatedly verified processes allowed and could be started and no other. This principle ("whitelisting") allows you to protect your self-service device's processor from unauthorized use of external devices: flash cards, hard drives and other potential carriers of malicious software.

Vynamic ™ Security also establishes a set of rules using state-of-the-art sandboxing technologies, when software that has a specific purpose has a strictly defined set of resources and regulated computer access.

In addition, Vynamic ™ Security ensures the integrity of the self-service device’s working environment, controls the absence of unauthorized changes in the uniquely created ATM “ecosystem” with a specific set of technical equipment and applications. When trying to replace a hard disk, the extracted media storing confidential information will become unusable, for which Hard Disk Encryption module is the responsible, and one of the ATM alarm scenarios can start on its own. In addition, Fraud Detection module uses Big Data and machine learning technologies and allows tracking deviations in standard behavior scenarios for programs, processes and users. The information about such anomalies is transmitted in real time to security officers, after which the responsible personnel can launch one of the alarm scenarios to protect information, money and property of the bank.

All these characteristics allow asserting the advantage of Vynamic ™ Security over traditional anti-virus programs, which are so far widely used by many banks. Standard antiviruses are not only less effective against various types of attacks, but they can be, in contrast to Vynamic ™, simply disabled by the service engineer while updating the ATM software, leaving the most vulnerable part of the IT infrastructure of the bank without protection.

BS/2 is the official Vynamic ™ Security provider in the CIS and Baltic countries, as well as in other regions. Our consultants are always ready to explain in detail all the benefits of using this solution, developed by Diebold Nixdorf.

Šaltinis: BS/2
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment


Captcha

Modern SUNMI payment devices are gaining popularity in Georgia

At the request of the largest banks in Georgia, Bank of Georgia and TBC Bank, SUNMI payment devices were designed according to their brands. more »

How to secure ATMs: crime statistics 2021

We invite you to see how things are with the security of ATMs in 2021 and how relevant this problem is. more »

Cash Management.IQ functional update: successful software integration with cash sorters

BS/2 integrated the Cash Management.IQ software with cash sorters from CPS, G&D, Glory and other manufacturers. more »

Security solutions for ATM is especially relevant in the African region

ATMeye.iQ is a software solution developed by BS/2 company, which is designed to secure ATMs and help resolve disputes with customers. more »

Towards innovation: Diebold Nixdorf and BS/2 discussed plans for 2022

On February 2, 2022, BS/2 executives met with representatives of Diebold Nixdorf. more »

Penki kontinentai group strengthens positions on the Georgian market

Penki Kontinentai is a payment terminal service provider. The company currently operates 30,000 terminals in Georgia. more »

Smart POS-terminals with COVID certificate scanning functionality

Managers and customers of Lithuanian catering establishments are already happy with the new payment devices, which can be used not only to accept payments with cards but also to verify national COVID certificates. more »

Android-based smart POS-terminals come to the Baltic market

ASHBURN International introduced to the market a modern solution for cashless payment acceptance. more »

Anar Gasimov - "We took the direction of digitalization

V International Banking Forum in Baku has come to an end. This year it was dedicated to cashless monetary circulation and brought together participants not only from Azerbaijan more »