How to protect ATM from jackpotting: Vynamic Terminal Security

Published: 6 March 2018 y., Tuesday

With the spectacular presentation back in 2010, a well-known computer hacker, Barnaby Jack, shared his forecast about the growth in the number of logical attacks aimed at ATMs around the world. The trick, demonstrated by the established cyber burglar at the Black Hat conference in Las Vegas got the name “jackpotting” and became associated with any fraudulent actions, which resulted the reprogrammed ATM giving out full content of its cassettes to the attackers.

Eight years later, a wave of "jackpot" attacks swept the world: in Japan, Taiwan, Thailand and various parts of Latin America (in particular, in Mexico). Soon the list of countries was replenished with Armenia, Belarus, Great Britain, Bulgaria, Estonia, Georgia, Kyrgyzstan, Malaysia, Moldova, Netherlands, Poland, Romania, Russia and Spain.

A real jackpot for criminals

Technologies used by criminals to organize logical attacks of ATMs are constantly being improved: there is even a so-called Cutlet Maker, a set of tools for hacking, which can be purchased ready-made in the wide space of Darknet.

"This disastrous program is very complex," says Samir Agarwal, vice president of products and general manager, Security and Endpoint Accelerite. "This cunning software even requires an activation code in order to run the program. It is a sort of license key for bad guys as for ordinary legal software. "

The use of such tools practically does not require any special computer knowledge or skills. Cutlet Maker interacts with the software and ATM equipment, almost without encountering any obstacles.


In other cases, the burglars simply remove the ATM’s hard drive, replacing it with a drive that contains the operating system for the ATM along with the malware sometimes even with the copied logo of the ATM original software and particular model. For some machines, they use an endoscope to find the ATM’s diagnostic port, where they plug in a flash drive.



Foto: Result of fraudsters’ work in one European country

A few minutes after the completion of manipulation with the ATM, the second partner, the so-called "mule", approaches the self-service device. The first hacker remotely starts the cash withdrawal scenario, and the "mule" takes all the money from all the cassettes and leaves.

Shortly thereafter, the burglars switch the ATM to normal operation. Using this scenario, at the beginning of this year, more than a million dollars were stolen in the United States. Local law enforcement agencies announced that international criminal groups coordinated the attacks.

So how big is the threat?

Why are ATMs still so vulnerable to logical attacks eight years after the jackpot attracted the attention of ATM manufacturers?

According to Samir Agarwal, everything stops against the need for additional investment. Surprisingly, not all banks are aware of the importance of using solutions that were developed specifically to counter such threats. Some believe that it is enough to use standard antiviruses to protect the computers installed in ATM machines, while others hope for the prompt response of security services monitoring devices using video cameras. The analysis of the consequences of the hacking leads only to one logical conclusion: there is no excessive protection for self-service devices.

In its bulletin issued after a series of logical attacks, Diebold Nixdorf recommends a number of measures to counter the hacking, including restricting access to the ATM, updating the original firmware, monitoring its behavior and suspicious activities, and also, most obviously, updating the operating system, since most compromised ATMs still operate on the basis of the operating system Windows XP, whose support has ceased as early as 2014.

Vynamic™ Security Solution (Terminal Security Suite)

Diebold Nixdorf offers its multivendor software solution to protect against logical and other attacks - Vynamic ™ Security, formerly known as Terminal Security Suite. The solution consists of four modules: Access Protection, Intrusion Protection, Hard Disk Encryption and Fraud Protection.

The multi-level defense system neutralizes the majority of potential threats, including "zero-day attacks" (ie. unknown at the moment). The Terminal Security software package protects ATMs and other devices in real time, implementing the principle of total restriction on the launch of any fraudulent processes and actions. The declared principle of the protective software can be formulated as follows: only repeatedly verified processes allowed and could be started and no other. This principle ("whitelisting") allows you to protect your self-service device's processor from unauthorized use of external devices: flash cards, hard drives and other potential carriers of malicious software.

Vynamic ™ Security also establishes a set of rules using state-of-the-art sandboxing technologies, when software that has a specific purpose has a strictly defined set of resources and regulated computer access.

In addition, Vynamic ™ Security ensures the integrity of the self-service device’s working environment, controls the absence of unauthorized changes in the uniquely created ATM “ecosystem” with a specific set of technical equipment and applications. When trying to replace a hard disk, the extracted media storing confidential information will become unusable, for which Hard Disk Encryption module is the responsible, and one of the ATM alarm scenarios can start on its own. In addition, Fraud Detection module uses Big Data and machine learning technologies and allows tracking deviations in standard behavior scenarios for programs, processes and users. The information about such anomalies is transmitted in real time to security officers, after which the responsible personnel can launch one of the alarm scenarios to protect information, money and property of the bank.

All these characteristics allow asserting the advantage of Vynamic ™ Security over traditional anti-virus programs, which are so far widely used by many banks. Standard antiviruses are not only less effective against various types of attacks, but they can be, in contrast to Vynamic ™, simply disabled by the service engineer while updating the ATM software, leaving the most vulnerable part of the IT infrastructure of the bank without protection.

BS/2 is the official Vynamic ™ Security provider in the CIS and Baltic countries, as well as in other regions. Our consultants are always ready to explain in detail all the benefits of using this solution, developed by Diebold Nixdorf.

Šaltinis: BS/2
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.

Facebook Comments

New comment


Captcha

Joining Forces: BS/2 and ASHBURN International Take Partnership with SUNMI to a New Level at GITEX 2024

BS/2 and ASHBURN International, part of Penki Kontinentai Group, participated in GITEX GLOBAL. more »

The Penki Kontinentai Group Recognizes Liberty Bank as a Leader in Digital Innovation in the EMEA Region

JSC “Liberty Bank” has been awarded a prestigious honor by The Penki Kontinentai Group for its leadership in banking innovation more »

"Penki Kontinentai Group" opened an office in Spain

On 24 May 2024 in Alicante was registered the company PENKI KONTINENTAI ESPANA. more »

Strategic session of the "Penki kontinentai" group of companies: exchange of experience and plans for further development

Penki Kontinentai Group employees attended the annual strategy session held in Vilnius from January 22nd to 26th, 2024. more »

ASHBURN International and Rietumu Bank will collaborate to improve acquiring services in the Baltics and EU

This collaboration represents a significant advance in payment services in the European Union. more »

BS/2 has received awards from Diebold Nixdorf for outstanding collaboration results

The BS/2 delegation attended the annual Banking Partner Summit organized by Diebold Nixdorf in Indonesia. more »

BS/2 Makes a Ukrainian Girl's Dream Come True

For the first time, the Lithuanian national cheerleading team achieved podium placements at the European Cheerleading Championship. more »

Ashburn International Readies to Launch Two New Products on The Polish Payments Market

As a result of attending the XI Cashless Congress in Warsaw, several agreements were reached with Polish cashless payment operators concerning ASHBURN International's products. more »

BS/2 and Modern Expo plan to increase the supply the innovative retail equipment to the Baltic States

Together with BS/2, the Ukrainian supplier plans to expand its presence in the Baltic. more »

Penki kontinentai group participates in DUOday for the third year

The Penki kontinentai group of companies has joined the initiative of the social employment agency SOPA DUOday" for the third year in a row. more »