Hacker Tracker: Neutralizing ATM Jackpotting

ATM Jackpotting Threat

Fraudsters today are going big and going home — with lots of dough.

By this, we mean that the traditional attacks on credit cards and bank accounts that the payments industry has come to know are now being overshadowed by bigger, more strategic attacks — ultimately resulting in bigger payoffs. James Chappell, CTO and cofounder of Digital Shadows, joined this week’s Hacker Tracker to shed light on how the latest trend of ATM jackpotting is just the tip of the iceberg for cybercriminals looking to steal larger sums of money with bigger attacks.

When Bigger Is Better

The end of 2016 saw a spike in ATM jackpotting attacks, which involved hackers using a computer malware to infect ATM machines and force them to distribute significant quantities of cash.

The cybercriminals were able to take advantage of a previously unknown vulnerability found in ATMs operated by both NCR and Diebold Nixdorf in order to steal large sums of money from local bank branches throughout Europe and East Asia.

Though the companies have since worked to address the vulnerabilities and mitigate ongoing risk, Digital Shadows CTO and cofounder James Chappell told PYMNTS that the threat is just an indication of what’s to come in the world of cybercrime.

In order to conduct the attacks, hackers needed physical access — either to the computer network an ATM ran on or to be able to physically insert a device into the machine to upload the malware — which Chappell said highlights another level of sophistication than your average criminal.

“This is just indicative of the much more targeted types of attacks that cybercriminals are going for now — they’re interested in getting larger sums of money from single attacks, and their levels of sophistication are increasing,” Chappell explained.

“We’re now looking at attacks that are more complex, take longer to plan but have much higher payouts.”

Chappell noted that anyone involved in payments or payments systems need to be aware of these evolving tactics — while they should keep implementing the cyber protections they’re already doing, he suggested that now they also consider their most vulnerable systems and where a criminal seeking large sums of money may focus their efforts.
With this mindset, companies must then make sure the appropriate protections are placed around those vulnerable systems where larger financial transactions take place, such as the SWIFT network.

Keeping 2017 Protected

While Digital Shadows expects to see targeted attacks that are much bigger and more complex on the horizon in 2017, Chappell also shared that threats like denial-of-service attacks, malicious botnets like Mirai and ransomware are all things to keep a close watch on in the year ahead.

Last year, mainstream sites that users both frequent and rely on were rendered useless due to a massive distributed-denial-of-service (DDoS) attack on the internet domain directory Dyn. The DDoS attack on Dyn was fueled by a botnet known as Mirai, which utilized hacked DVRs and webcams to launch the series of attacks.

According to Dyn and cybersecurity researches at Flashpoint, the Mirai malware is able to scan the internet, looking specifically for IoT devices that are safeguarded by default or weak passwords. Once those newly compromised devices are at play, hackers can then use them to seek out other vulnerable devices to build a network that can be used to launch attacks.

“The fact that Mirai has been released publicly has substantially lowered the bar for launching large-scale DDoS attacks. The available information has indicated that a certain level of technical capability is required to install and operate Mirai; however, it is unlikely that this constitutes a significant obstacle for a determined actor, as guides and advice on this malware are widely available online,” stated the Mirai and The Future report from Digital Shadows. “Mirai therefore has the potential to act as a force multiplier for a range of actors engaging in DDoS attacks, including hacktivists, extortionists and politically inspired actors.”

Chappell also noted that the role of ransom and extortion in any business continues to be a top security concern.

“Ransomware is not going away in 2017; it’s very much here to stay,” he added.

The intersection of cybersecurity and politics is also a surprising trend that is sure to continue for years to come.

As municipalities, voters and voting systems become prime targets for hackers and malicious schemes, Chappell said cybersecurity is something democracies and governments will have to gain a better understanding around and defense against.

“The role that cybersecurity has taken in politics recently is something I don’t think any of us were expecting quite the level of debate around,” he said.