Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Privacy The Almighty Buck

Ransomware Hit ATM Giant Diebold Nixdorf (krebsonsecurity.com) 36

Brian Krebs reports that Diebold Nixdorf, a major provider of ATMs and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Thankfully, the intrusion only affected the company's corporate network and not its ATMs or customer networks. From the report: Canton, Ohio-based Diebold is currently the largest ATM provider in the United States, with an estimated 35 percent of the cash machine market worldwide. The 35,000-employee company also produces point-of-sale systems and software used by many retailers. According to Diebold, on the evening of Saturday, April 25, the company's security team discovered anomalous behavior on its corporate network. Suspecting a ransomware attack, Diebold said it immediately began disconnecting systems on that network to contain the spread of the malware. Sources told KrebsOnSecurity that Diebold's response affected services for over 100 of the company's customers. Diebold said the company's response to the attack did disrupt a system that automates field service technician requests, but that the incident did not affect customer networks or the general public.

An investigation determined that the intruders installed the ProLock ransomware, which experts say is a relatively uncommon ransomware strain that has gone through multiple names and iterations over the past few months. Diebold claims it did not pay the ransom demanded by the attackers, although the company wouldn't discuss the amount requested. But Lawrence Abrams of BleepingComputer said the ransom demanded for ProLock victims typically ranges in the six figures, from $175,000 to more than $660,000 depending on the size of the victim network.

This discussion has been archived. No new comments can be posted.

Ransomware Hit ATM Giant Diebold Nixdorf

Comments Filter:
  • Bound to happen (Score:4, Interesting)

    by ErichTheRed ( 39327 ) on Tuesday May 12, 2020 @06:59AM (#60051292)

    All of these vertical market businesses are especially vulnerable to ransomware and other attacks. They're providing a product/service that's a literal ATM (ha ha) and there's little incentive to change the way they do things. The industry I'm in has a couple of these...there's only 2 or 3 providers of a needed service and getting them to improve ANYTHING is like pulling teeth.

    At the same time, even if they're a development/engineering shop, these companies tend to cheap out on the IT side of the business -- either it's offshored to one of the Indian companies or they just don't pay people well enough and accept that there will be a revolving door in IT. This is where you end up with faulty backups, lax security, and no recovery plan from a ransomware attack.

    • Re:Bound to happen (Score:4, Insightful)

      by jellomizer ( 103300 ) on Tuesday May 12, 2020 @07:57AM (#60051406)

      With the Covid-19 problems, we see the companies that actually invest into their IT staff and technologies faring on average better than those who don't

      IT Planning is all about Disaster planning. We try to work around as many worse case scenarios as possible, and build around them. The organizations with a strong IT skill sets seemed to adapt much faster to a change in business models, because the IT staff had already planned for such a shift in business and got the tools prepped for such a change.

      The problem is most businesses don't think like IT Guys and find all this Disaster Planning depressing, Expensive, and difficult to quantify. What makes it worse, is when they do invest in good technology plan. It doesn't fail or don't fail as badly, so they just don't see the value in it.

      When we do our jobs right, it is like we didn't do anything at all.

    • by cusco ( 717999 )

      A former coworker used to be a service tech for Diebold. 8-10 years after the left the company he was cleaning his garage and found his ring of keys from his former employer. Out of curiosity he put on a mask and tried a couple. Sure enough, they still worked. He just closed things back up and went away, shaking his head.

      • by Pascoea ( 968200 )
        Why wouldn't they still work? Seems like it would be silly to re-key every lock on every ATM. The head-scratcher part of this, to me, is why didn't the company he worked for do a better job of controlling they keys?
        • Re:Bound to happen (Score:4, Informative)

          by cusco ( 717999 ) <brian@bixby.gmail@com> on Tuesday May 12, 2020 @10:22AM (#60051886)

          I work in physical security so maybe I have a different outlook, but both things should happen.

          Keys absolutely have to be controlled, and locks should be re-keyed or upgraded more than once a decade (especially if you're not controlling keys well). At this point there is no reason why ATM enclosures aren't electronically controlled, except that it would cost an extra $100/site. With brass keys there is no accountability and no control over who has accessed where and when. The damn ATM machine already has a secure network connection, the enclosure absolutely should have use of it as well. /rant

      • by tlhIngan ( 30335 ) <slashdot&worf,net> on Tuesday May 12, 2020 @02:35PM (#60053112)

        A former coworker used to be a service tech for Diebold. 8-10 years after the left the company he was cleaning his garage and found his ring of keys from his former employer. Out of curiosity he put on a mask and tried a couple. Sure enough, they still worked. He just closed things back up and went away, shaking his head.

        You'll find a lot of things identically keyed.
        Vending machines, door locks, padlocks, etc. All in the public. Construction vehicles too.

        In fact, if you live in pretty much any metropolitan area, a set of 10 keys all available cheaply on Amazon can get you into most things. And out of those 10 keys, 5 of them you probably already have! (You wouldn't believe where an RV key would get you - besides into other people's RVs, that is).

        And this includes vehicles - fleet keys are extremely common, and extremely replaceable. And if you can't get a key, you can often cut one because a simple FOIA can get you the bitting!

        For some fun, most elevators have a locked compartment, the keying to which is actually public and the key is available cheaply (you might try said RV key first). They're not even high security locks, most are chintzy wafer locks.

        You want to know why? Because gigantic cities like New York and such demand such keys and locks be identical. This means the companies that supply them often manufacture the locks with that keying. So much so, they keep them in regular stock.

        A smaller city wanting some locks will also use those suppliers. They can get the New York keying immediately shipped for half the cost, or have tehir own custom keying for twice the price, and a couple of months of lead time because someone has to manufacture specially for you.

        You might want to Google Deviant Ollam's "This key is your key, this key is my key" talk. Yes, the keys even have names you can punch into Amazon and pick up.

        And even some keys you think might not work, might actually work. Some Kwikset KW1 keys (which you may have as your house key) may actually work in some locks because the locks are just pooly made. About 1 in 20 random keys have a bitting close enough that key can get through the lock. (Even though your front door lock may have 6 pins, often the cheap locks used only check 3 of them and the tolerance is so wide that a whole range of Kwikset keys work).

        The fact is, you don't need a whole lot of keys, or even a lockpick set to get into a startlingly large number of things.

        OK fine, if you want, you'll find Caterpillar equipment is mostly identically keyed as well and replacements can be bought off Amazon or eBay for a buck each. And likely every other piece of heavy machinery from other manufacturers use the same key so if you ever wanted to play with a steamroller outside of Las Vegas, well, you probably can.

        Also takes a lot of the magic out of the "how'd the guy get the keys" question - even if the workers took the keys away, well, a replacement isn't hard to get. And yes, Amazon and eBay sell them as replacement keys or spares so you can give every operator one and they don't have to keep coming into the office because he needed to switch from the bobcat to the bulldozer or digger.

        • by cusco ( 717999 )

          At AWS the fire department at one site wanted hard keys for each of the buildings stored in a Knox-box (a pin-pad secured box) outside of the main entry door, including for the highly-classified server pod. When I pointed out that even the lowest-ranked fire department volunteer (and probably his girlfriend and most of his drinking buddies) knew the combination for the Knox-box the security director had a fit and eventually a shouting match with the fire marshal. Ultimately the fire marshal won, sort of,

  • by jellomizer ( 103300 ) on Tuesday May 12, 2020 @07:46AM (#60051370)

    Anything with an Internet Connection is just asking for trouble. If it is a screen that just needs to talk to the user using it, and connected to the bank system. It doesn't need access to anything beyond in local (I really hope) IP Address of the servers. At the routing level no traffic should be able to go in or out other than those particular IP Addresses. of the ATM going to the Bank Server and the Bank Server connecting to the ATM. With only the ports needed for operation.

  • until we can find a way to trace where the (digital) money goes (in the case the payer agrees to do so)?
  • At which point is a company declared a "giant"? Is that a Slashdot-only title, or is there some government officials you can bribe to get this title?

    I'm going to file this in my own "bullshit titles" category currently filled with "War on xyz" and "xyz-gate".

    • "At which point is a company declared a "giant"?
      [...]
      I'm going to file this in my own "bullshit titles" category"

      I guess you don't pay attention to the brands on ATMs. That's understandable, but leaves you in a poor position to determine who's big in ATMs. Diebold is definitely one of the largest producers in the US.

    • by cusco ( 717999 )

      Well, they're the world's largest ATM manufacturer, so they're **the** giant in their industry. Does that count?

  • Incredibly lucky this corporation doesn't have anything to do with voting machines. Imagine the consequences!

    Is there a Sarcasm Font somewhere?

"An idealist is one who, on noticing that a rose smells better than a cabbage, concludes that it will also make better soup." - H.L. Mencken

Working...