After spreading in other parts of the world, an ATM jackpotting technique named Ploutus.D is starting to pop up...
across the U.S. How does the Ploutus.D strain of malware make ATM jackpotting possible? What measures can banks take to prevent this from happening to them?
There is a widely held perception that ATMs are secure, but as news stories show, that perception is not always the reality.
ATMs are designed to work for an extended period of time in hostile environments that might not be physically secure or that might go unattended for long stretches of time. They also need to meet the functionality and cost requirements of the many different parties that want their location to have an ATM.
Because ATMs are essentially safes that dispense cash on demand, the use of Windows and commodity hardware has potential advantages for management and development for manufacturers, but it lowers the barriers preventing attackers from stealing money from ATMs. From the attacker's viewpoint, ATM jackpotting -- in which the attacker forces the ATM to dispense all its stored cash -- is the best kind of ATM attack.
While ATM jackpotting attacks have occurred previously outside the U.S., the first such attacks in the U.S. were reported early this year by cybersecurity reporter Brian Krebs after he discovered that ATMs manufactured by Diebold Nixdorf were being targeted with the Ploutus.D malware for ATM jackpotting.
The Ploutus.D malware is designed to attack ATMs and gives malicious actors the ability to dispense cash. After an attacker has compromised the physical security of the ATM to replace the hard drive or infect the computer with the Ploutus.D malware, the attacker can enter an activation code to dispense the cash.
Banks may want to put pressure on manufacturers to improve the security of their devices and pressure businesses with ATMs to implement basic security or use machines with higher security capabilities. For existing businesses with ATMs, a review of the guidance from Diebold that Krebs posted should be used, as the guidance essentially says to perform basic security hygiene, such as physically securing the ATMs, installing the most recent versions of the firmware and software, monitoring the systems, and then responding to incidents.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
A screaming channel attack is a new wireless threat making networks -- particularly those with IoT components -- vulnerable. Are there any safeguards... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.