Nautilus ATM Flaws Could Allow Hackers Access to Cash (Nov 11, 2019)
Researchers at Red Balloon Security found two vulnerabilities in retail versions of ATMs from Nautilus, the largest provider of ATMs in the United States. The vulnerabilities were reported to Nautilus, and patches were developed and released within a week of the report. Red Balloon will not release a detailed breakdown of the vulnerabilities in order to prevent criminals from replicating their efforts. The two vulnerabilities, one found in the machine’s remote management system and one in the ATM’s peripherals software, could allow the remote theft of payment card numbers and PIN keypad inputs during a transaction. Red Balloon researchers and Nautilus executives have no evidence that anyone has taken advantage of the vulnerabilities. While fixes have been made available, it is unclear how many ATMs have received the necessary firmware updates.
Recommendation: Customer-facing companies such as Nautilus that store card data must actively defend against Point-of-Sale (POS) threats and stay on top of industry compliance requirements and regulations. All POS networks should be aggressively monitored for these types of threats. In the case of infection, the affected networks should be repopulated. Furthermore, customers should be notified as soon as possible and potentially offered fraud protection to avoid negative media coverage and reputational damage.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.