Curbing Cyber Robbery with Whitelisting Security Solution
In the summer of 2016, an international team of criminals from Eastern Europe and Russia used malware to hack into dozens of a bank’s ATMs in Taiwan and force the cash machines to spit out $2.5 million in a withdrawal spree, the country’s first recorded case of its kind. Though the case was cracked within 10 days and suspects were arrested, the financial supervisory authority was uneasy about potential security loopholes in the country’s ATM networks and required that all ATMs be shielded with whitelisting security technology against digital heists.
Advantech, one of the major suppliers of the embedded computers used in ATMs, worked with one of its SI partners on this and proposed a proactive security solution that gives ATMs and servers dual protection with both whitelisting and blacklisting security.
Traditional security technologies rely heavily on blacklisting, which lists known threats, records their code in a database, and blocks attacks by denying access to the items on the list. However, the real threats are newly emerging, unrecorded malware. For installations with fixed functions, such as automatic teller machines, factory automation equipment or medical electronic apparatus, the whitelisting method is more feasible: it allows only authorized programs to run on the system and blocks every program that is not on the authorized list, which can be more effective against next-generation malware than blacklisting.
Advantech’s proposed ATM security solution incorporates Intel’s McAfee whitelisting package of Application Control, Change Control and ePolicy Orchestrator (ePO), together with the McAfee blacklisting software Endpoint Security 10. By providing a hybrid mode of whitelist and blacklist, the solution aims to benefit from both. The blacklist is still advantageous in providing a firewall against identified viruses, while the whitelist permits authorized software but can’t recognize malware.
McAfee Application Control helps prevent the installation of unauthorized applications; Change Control prevents out-of-policy changes and monitors file integrity for compliance; and the ePO software provides centralized management, allowing remote deployment and configuration from a single location. This is particularly beneficial for large-scale applications like an ATM network, with a huge number of machines distributed over a wide geographical range.
By installing the solution on bank servers and ATMs, a bank can establish, maintain and make policy changes to the whitelist at a control center and deploy the list to ATMs over the network to provide proactive protection against unknown threats or hacks. It can also oversee the activities at all ATMs from a remote center and review reports produced by the ePO software.
Endpoint Security 10 will block known threats, while the firewall will allow designated software code to enter through designated ports. A checking mechanism will be established to verify the integrity and source of programs delivered from the control center.
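The difference between a blacklist-only check and the hybrid mode described above can be seen in a few lines of code. The following is an added illustration, not McAfee's or Advantech's implementation: the SHA-256 file hashes, the HMAC tag used to check the integrity and source of the whitelist, the key and all sample "programs" are constructed assumptions (a real deployment would more likely use asymmetric signatures than a shared key).

```python
import hashlib, hmac, json

# Constructed sample data: none of these are real binaries or keys.
CONTROL_CENTER_KEY = b"demo-key-not-for-production"
ATM_APP = b"constructed: authorized ATM dispenser application"
KNOWN_VIRUS = b"constructed: sample already recorded on the blacklist"
NEW_MALWARE = b"constructed: unrecorded program, absent from both lists"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign_whitelist(hashes, key):
    """Control-center side: serialize the whitelist and attach an HMAC tag."""
    body = json.dumps(sorted(hashes)).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def load_whitelist(body, tag, key):
    """ATM side: accept the list only if its tag verifies (integrity and source)."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("whitelist rejected: tag mismatch")
    return set(json.loads(body))

def blacklist_only(program, blacklist):
    """Default-allow: block only what is already recorded."""
    return "block" if sha256(program) in blacklist else "allow"

def hybrid(program, blacklist, whitelist):
    """Default-deny: known threats are blocked, then only listed programs run."""
    digest = sha256(program)
    if digest in blacklist:
        return "block (blacklisted)"
    if digest in whitelist:
        return "allow"
    return "block (not whitelisted)"

BLACKLIST = {sha256(KNOWN_VIRUS)}
BODY, TAG = sign_whitelist({sha256(ATM_APP)}, CONTROL_CENTER_KEY)
WHITELIST = load_whitelist(BODY, TAG, CONTROL_CENTER_KEY)

if __name__ == "__main__":
    for name, prog in [("ATM app", ATM_APP), ("known virus", KNOWN_VIRUS),
                       ("new malware", NEW_MALWARE)]:
        print(f"{name:12} blacklist-only={blacklist_only(prog, BLACKLIST):6} "
              f"hybrid={hybrid(prog, BLACKLIST, WHITELIST)}")
```

The unrecorded program is allowed by the blacklist-only check but blocked in hybrid mode, and a whitelist modified in transit is rejected before it is ever applied.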
Provides whitelisting and blacklisting protection to bank servers and ATMs against cyber crimes or hacks, so as to eradicate the chance of digital heists.
Enables centralized security monitoring and management with functions of remote configuration and policy orchestration, allowing administrators to maintain the whitelist and policies over the network and thereby reducing the operational and maintenance cost of the security solution.