By : Owen Wild
April 10, 2018 08:00 AM
In 2016, a new type of attack on ATMs began occurring in parts of Asia and Europe. Known as 'jackpotting', the vector involves using malware or a “black box” to manipulate ATMs into freely dispensing cash.
If successful, these attacks can give up cash at a rate of up to 40 notes every 20 seconds, and will keep doing so until the machine is empty – so clearly it is an issue that can have serious consequences for banks. But until recently, it was an issue that was limited to Europe and Asia, with reports from places such as Taiwan and Thailand among those making early reports about the problem.
However, it has now spread to the US.
The US Secret Service advised in January that it had received reports of several successful jackpotting attacks across the country, from the Gulf Coast to New England.
The attacks typically targeted standalone ATMs, like the ones found in pharmacies, big box retailers, and drive-thru locations. So far, those targeted have been older models running outdated operating systems such as Windows XP, where hackers have gained physical access to the device and replaced the hard drive with one infected with malware.
Until now, the US has been considered to be at less risk than some other parts of the world, due to operators typically being more able to regularly upgrade their machines.
However, it has been suggested that it was only a matter of time before US ATMs became targets, with Secret Service special agent Matthew Quinn telling Wired there are a couple of potential reasons for this.
"First, financial fraud is cyclical. Attack one region, locally or globally, and move on before apprehension or after law enforcement exposure," Quinn said. “The second often revolves around ease of entry. Organized transnational criminal groups may first target a region with less law enforcement presence and less restrictive means of entry."
So what can ATM network operators in the US do in order to protect themselves against this new threat? The first step is to understand how these attacks occur. There are two key attack methods that can be used to perform jackpotting: black box attacks and offline malware.
NCR has been actively advising operators of NCR ATMs of the steps that they can take to mitigate the risk of black box and malware attacks. ATM operators should always ensure they are following general security best practices and guidelines, such as those set out in NCR's Logical Attack Protection Whitepaper. Protection and mitigation need to extend far beyond just the updates offered by ATM providers, but need to be a key part of an ATM deployer's own security environment.
In addition, ATM operators should always ensure they are following general security best practices and guidelines, such as those set out in NCR's Logical Attack Protection Whitepaper. Protection and mitigation need to extend far beyond just the updates offered by ATM providers, but need to be a key part of deployers’ own security environment.