Malware-based attacks on automated teller machines, or ATM, started making headlines in 2016 with malicious actors using tools such as Ripper and Cobalt Strike to “cash out” the ATMs. These were among the first attacks that were perpetrated through the internal network of the bank, and did not require physical tampering of the ATM itself. The most common attack vector entails phishing, malware infection of an unrelated endpoint, credential theft, privilege escalation, and lateral movement through the bank’s internal network. Ultimately, these events led to the installation of malware on the ATMs which enabled the attackers to remotely dispense cash on demand.
In the aftermath of a series of “jackpotting” attacks across Asia and Europe, ATM manufacturers and law enforcement recommended a number of measures to harden the ATMs themselves and improve cyber hygiene. These included best practices such as regular software patching, anti-virus, encryption (hard disk and end-to-end), principle of least privileges, and others. To complement these, effective network segmentation of the ATM and its requisite backend components will further reduce the cyber risk to these devices. A Zero Trust network model for the ATM and related infrastructure provides positive security controls over the environment.
Read the executive-level use case to learn about the Palo Alto Networks approach to for a Zero Trust network to protect the ATMs and their backend infrastructure as well as the benefits to your financial institution.
