After spreading in other parts of the world, an ATM jackpotting technique named Ploutus.D is starting to pop up across the U.S. How does the Ploutus.D strain of malware make ATM jackpotting possible? What measures can banks take to prevent this from happening to them?
There is a widely held perception that ATMs are secure, but as news stories show, that perception is not always the reality.
ATMs are designed to work for an extended period of time in hostile environments that might not be physically secure or that might go unattended for long stretches of time. They also need to meet the functionality and cost requirements of the many different parties that want their location to have an ATM.
ATMs are essentially safes that dispense cash on demand. Building them on Windows and commodity hardware has potential advantages for manufacturers in management and development, but it also lowers the barriers that keep attackers from stealing the cash inside. From the attacker's viewpoint, ATM jackpotting, in which the attacker forces the ATM to dispense all of its stored cash, is the best kind of ATM attack.
While ATM jackpotting attacks have occurred previously outside the U.S., the first such attacks in the U.S. were reported early this year by cybersecurity reporter Brian Krebs after he discovered that ATMs manufactured by Diebold Nixdorf were being targeted with the Ploutus.D malware for ATM jackpotting.
The Ploutus.D malware is designed to attack ATMs and gives malicious actors the ability to dispense cash. After an attacker has compromised the physical security of the ATM to replace the hard drive or infect the computer with the Ploutus.D malware, the attacker can enter an activation code to dispense the cash.
Banks may want to put pressure on manufacturers to improve the security of their devices, and on businesses that host ATMs to implement basic security or to use machines with stronger security capabilities. For businesses that already operate ATMs, the Diebold guidance that Krebs posted is worth reviewing; it essentially calls for basic security hygiene: physically securing the ATMs, installing the most recent versions of the firmware and software, monitoring the systems, and responding to incidents.