The most memorable cyber attack demonstration I’ve ever seen was Barnaby Jack’s ATM jackpotting presentation at Black Hat 2010. (Rest in peace, Barnaby Jack.) He exploited vulnerabilities in two third-party ATM models made by Triton and Tranax. He bought the ATM devices himself so he could research them and take them to the event. Both ran a version of Microsoft Windows CE. It’s eight years later and embedded versions of Windows 7 and Windows 10 are two of the most common ATM operating systems.
Barnaby Jack began by remotely connecting to the Tranax ATM from his laptop. From there he executed his Jackpot malware which caused the ATM to play music and spit out its money in a dramatic and messy way. If that happened in the real world, bystanders would probably be running to the ATM to grab as much cash as they possibly could. For his second attack, he put his USB stick into the Triton ATM. His Scrooge rootkit enabled him to rewrite the device’s firmware. Through the malicious firmware, Barnaby Jack was able to withdraw cash from the ATM without needing to use an authenticated bank account. No numbers changed in any bank accounts, the Triton ATM just released its cash as the Tranax ATM did. When a cyber attack causes an ATM to release cash without taking the money from a bank account or credit card, that’s called jackpotting.
The vulnerable ATMs could be found, targeted, and exploited by war driving if the device presented any sort of wireless network connectivity. (War driving is the act of looking for WLANs or WiFi connected devices while walking or driving around an area with a WiFi transceiver.)
Fast forward to November 2017. The FBI caught three men visiting ATMs in Wyoming, Colorado, and Utah together to engage in jackpotting attacks which helped them steal tens of thousands of dollars. Surveillance camera footage from one attack showed the men opening the top of an ATM in order to physically deploy Ploutus.D malware. The FBI said:
“Often the malware requires entering of codes to dispense cash. Codes can be obtained by a third party, not at the location, who then provides the codes to the subjects at the ATM. This allows the third party to know how much cash is dispensed from the ATM, preventing those who are physically at the ATM from keeping cash for themselves instead of providing it to the criminal organization. The use of mobile phones is often used to obtain these dispensing codes.”
On August 10th, the FBI sent an alert to banks around the world. Apparently, jackpotting attacks are a bigger threat than ever, and banking institutions must be vigilant. All successful jackpotting attacks to date have involved physically deploying malware to targeted ATMs, one at a time.
“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach. Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
Another jackpotting attack methodology the FBI warns about involves magnetic strip cards. “The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”
ATM manufacturers like Diebold, Tranax, and Triton must work with Microsoft to deploy better patches against jackpotting malware. Also, ATM manufacturers and banks should never use operating systems that are no longer supported with security patches. That’s been a common problem all around the world.
The FBI has some additional tips.
It seems that the FBI has reason to believe that many financial institutions don’t monitor their ATMs as thoroughly as they should. If ATMs aren’t configured to specifically whitelist the applications they were designed to use, that’s a serious security flaw that’s easily avoidable. The successful jackpotting attacks so far usually involve the attacker physically tampering with their targeted ATMs. Is there a way for police or armed security guards to be deployed to ATMs within a few minutes of tampering being caught on camera?
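One way to act on the monitoring and whitelisting points above, as an added example that is not part of the original post: it reviews a constructed ATM event log for executables outside the allowlist, physical access events, and cash dispensed without a matching authorization. The event fields, hashes, file names and severity labels are assumptions for illustration, not any ATM vendor's real log format.

```python
# Constructed allowlist: hashes of the only binaries this ATM image should run.
ALLOWLIST = {"a" * 64, "b" * 64}

# Constructed event log for one ATM (timestamps in seconds); hypothetical format.
EVENTS = [
    {"ts": 100, "type": "txn_authorized", "txn": "T1", "amount": 200},
    {"ts": 105, "type": "dispense", "txn": "T1", "amount": 200},
    {"ts": 900, "type": "cabinet_open"},
    {"ts": 930, "type": "usb_insert"},
    {"ts": 960, "type": "process_start", "image": "svc_update.exe", "sha256": "c" * 64},
    {"ts": 990, "type": "dispense", "txn": None, "amount": 2000},
    {"ts": 5000, "type": "process_start", "image": "atmapp.exe", "sha256": "a" * 64},
]


def review_atm_events(events, allowlist, tamper_window=600):
    """Return (ts, rule, severity) alerts for one ATM's event stream."""
    alerts, authorized, last_tamper = [], {}, None
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = ev["type"]
        # Was the cabinet opened or a USB device attached shortly before this event?
        recent_tamper = (last_tamper is not None
                         and ev["ts"] - last_tamper <= tamper_window)
        if kind == "txn_authorized":
            authorized[ev["txn"]] = ev["amount"]
        elif kind in ("cabinet_open", "usb_insert"):
            last_tamper = ev["ts"]
            alerts.append((ev["ts"], "physical_tamper", "medium"))
        elif kind == "process_start" and ev["sha256"] not in allowlist:
            # Anything not on the allowlist is reported, whatever its file name.
            severity = "high" if recent_tamper else "medium"
            alerts.append((ev["ts"], "unlisted_process", severity))
        elif kind == "dispense":
            # Jackpotting signature: cash leaves with no authorization behind it.
            approved = authorized.pop(ev["txn"], 0)
            if ev["amount"] > approved:
                severity = "critical" if recent_tamper else "high"
                alerts.append((ev["ts"], "unbacked_dispense", severity))
    return alerts


if __name__ == "__main__":
    for alert in review_atm_events(EVENTS, ALLOWLIST):
        print(alert)
```

Severity rises when an alert follows a cabinet-open or USB event within the window, which is the sequence the surveillance footage and the USB demonstration described above would produce.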
The financial incentive for banks to put serious effort into security hardening against jackpotting attacks couldn’t possibly be more obvious. I’d love to see the Beagle Boys try these sorts of attacks on DuckTales. Disney rebooted that show? Well, thanks for the childhood nostalgia!