Auriga reports that the new year brings increasingly sophisticated and systematic cyber threats, and one of the most widespread phenomena globally is ATM Jackpotting. After a record 2022 in terms of cybercrime, the start of the new year already sees the banking sector subject to increasingly sophisticated and systematic threats, many of which target the ATM infrastructure.

Alarm from Auriga

This is aided by the growing interconnection with cloud archives, payment apps and corporate networks. In particular, one of the most widespread global phenomena is ATM Jackpotting, a cybercriminal technique that has already been in use for several years and has caused enormous economic losses to ATM operators.

The FiXS case in Mexico

Several organizations have already suffered from ATM Jackpotting, a form of cyber attack in which ATMs are physically accessed to withdraw cash fraudulently. The latest threat, which is already wreaking havoc in Latin America, especially in Mexico, dates back to the end of February 2023. It demonstrates the existence of a new ATM malware variant called FiXS, which allows cash to be stolen from the ATM.

How does the new threat work?

FiXS gains unauthorized access to the XFS (eXtended Financial Services) middleware that controls the ATM hardware devices. By connecting to XFS, FiXS can send commands directly to the ATM dispenser, completely bypassing the transaction authorization process. In this way, FiXS is able to attack different ATM models, regardless of the vendor.

How the new malware works

Strategic Foresight Team of Auriga

This is a new piece of malware, responsible for creating many problems within the Mexican banking system and in other Latin American countries. It risks expanding to countries such as Spain, thus also affecting European banking infrastructures.

Auriga’s point of view that raises the alarm

In a landscape characterized by the proliferation of attacks, understanding that every organization that operates an ATM network is a potential target of Jackpotting attacks is crucial, because it allows efficient cybersecurity countermeasures to be applied to critical infrastructures such as ATMs. These devices are designed to provide essential services to users and must therefore guarantee the availability and reliability of the service on an ongoing basis.

What to do for safety

From a security perspective, ATM devices are very difficult to secure with traditional technologies. On the one hand, there is a lack of proactive update policies; on the other, the device is constantly exposed to physical access. All this creates an inherently vulnerable environment that makes the ATM an extremely delicate touchpoint.

Zero Trust model

When it comes to critical devices, the Zero Trust model plays a central role in the cybersecurity strategy. The task of this model is to make a series of suspicious assumptions about the vulnerability of the traditional infrastructure that manages the devices: interrogating each access and assuming that the remote access system can be manipulated, that the software distribution system can be used to distribute malware, or that a stolen hard drive can be used for reverse engineering.

What does it mean?

The value of the Zero Trust strategy lies in a radical change in the security paradigm: moving from a legitimacy model based on external sources and behavior analysis to a proactive approach. According to Auriga, one of the first and most critical points lies precisely in the drastic reduction of the attack surface. Secondly, stringent ATM change control is strictly necessary, blocking any attempt to modify the software or hardware that has not been explicitly authorized.
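As an added example (not Auriga's code and not part of LDM), here is the change-control idea above applied to the FiXS technique described earlier: a small Python check that flags any process loading the XFS manager library that is not an approved, unmodified build of the ATM application. The sensor event format, the application path and the hashes are constructed for the example; the XFS manager on Windows-based ATMs is the `msxfs.dll` library.

```python
import hashlib
import re
from dataclasses import dataclass

# CEN/XFS manager library on Windows-based ATMs. Any process that loads it can
# talk to the dispenser, so only approved builds of the ATM application may do so.
XFS_MANAGER_DLL = "msxfs.dll"

# Constructed change-control baseline: image path -> SHA-256 of the approved build.
# The path and both hashes are placeholders, not values from any real deployment.
ATM_APP = r"C:\ATM\app\AtmApp.exe"
APPROVED_HASH = hashlib.sha256(b"constructed approved build").hexdigest()
MODIFIED_HASH = hashlib.sha256(b"constructed tampered build").hexdigest()
APPROVED_XFS_CLIENTS = {ATM_APP: APPROVED_HASH}

# Constructed module-load events from a hypothetical endpoint sensor (key=value format).
SAMPLE_EVENTS = [
    f'pid=101 image="{ATM_APP}" module="MSXFS.DLL" sha256={APPROVED_HASH}',
    f'pid=812 image="{ATM_APP}" module="msxfs.dll" sha256={MODIFIED_HASH}',
    'pid=990 image="E:\\tools\\svc.exe" module="msxfs.dll" sha256=' + MODIFIED_HASH,
    'pid=300 image="C:\\Windows\\notepad.exe" module="kernel32.dll" sha256=' + "0" * 64,
]

EVENT_RE = re.compile(
    r'pid=(?P<pid>\d+) image="(?P<image>[^"]+)" module="(?P<module>[^"]+)" '
    r"sha256=(?P<sha256>[0-9a-f]{64})"
)


@dataclass
class Finding:
    pid: int
    image: str
    reason: str


def parse_event(line: str):
    """Return the event fields as a dict, or None if the line is not a module-load event."""
    m = EVENT_RE.search(line)
    return None if m is None else m.groupdict()


def check_events(lines):
    """Flag every process that loads the XFS manager without being an approved, unmodified build."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["module"].lower() != XFS_MANAGER_DLL:
            continue  # not an XFS access; outside the scope of this control
        expected = APPROVED_XFS_CLIENTS.get(ev["image"])
        if expected is None:
            findings.append(Finding(int(ev["pid"]), ev["image"], "image not on XFS allowlist"))
        elif expected != ev["sha256"]:
            findings.append(Finding(int(ev["pid"]), ev["image"], "image hash differs from approved build"))
    return findings
```

The approved application with the approved hash passes; a modified copy of the same application and an unknown binary loading the XFS manager are both reported, which is the kind of unauthorized software change the text says must be blocked.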

Alert from Auriga: the latest cyberthreat is called ATM Jackpotting

The Zero Trust approach is based on Lookwise Device Manager (LDM), the solution developed by Auriga for the cybersecurity of bank self-service devices, such as ATMs and ASSTs. With the aim of protecting the ATM in all phases of its lifecycle, LDM, which is based on NIST (National Institute of Standards and Technology) principles, offers different layers of protection in a single platform.

Designed to integrate seamlessly with the main operating procedures of ATMs, it ensures that any changes are made in a controlled and protected manner. In the case of FiXS, it offers comprehensive device protection at the different stages of the attack lifecycle (preparation, infection, persistence and execution).