What We Learned from the FiXS Attack: Secure Remote Access Defends ATMs

The recent FiXS malware attack on a bank ATM in Mexico proves criminals are becoming more and more sophisticated by the day. FiXS is the new threat – an advanced ATM malware used in a series of attacks across Mexico. Since February, these attacks have allowed cybercriminals to access cash on demand from targeted ATMs by the millions. They even obtained all the information cardholders input through the keypads. This left the door open to access personal and account details. 

To make matters worse, this could have been avoided since the machines were old with outdated systems. The attack comes at an especially tough time for Mexico as three of their top lenders experienced billion-dollar defaults late last year. It’s not a secret that customers are losing faith.  

The Impact of Malware on Banks 

ATM malware attack incidents increased from 39% in 2021 to 58% last year, affecting 4,183 devices. In January 2023 alone, there were 33 reported attacks, with unreported attacks up by an estimated 1400%. Shopping and cash withdrawals are returning to normal activity, and cyber criminals are ready with new ways to steal. A recent report shows a steady increase in attacks and more forecasted. 

The impact of cyberattacks is a top concern for financial institutions – and for good reason. The estimated cost for each bank is approximately $48,124 per 100 ATMs annually in maintenance and operation. This includes securing networks. Cyber-attacks on financial institutions are increasing in severity and loss, seriously affecting customer trust and the future of the business. 

PoS Terminals are at Risk of Ransomware Too 

Criminals have adapted their attacks to PoS or Point-of-Sale devices. They are everywhere, but they are not commonly considered to be at risk the way ATMs are. This is far from the truth. PoS devices, like ATMs, are the gateway to hundreds of customer bank accounts and must be secured to the highest level. These devices are such an easy target because merchants tend not to update the equipment, even when advised to do so. Old devices use obsolete operating systems and software. As a result, they become difficult to resolve or manage, ultimately making the devices extremely vulnerable.

How Banks Can Defend Against Ransomware Threats Such as FiXS Using Impero 

Although communications are encrypted, ATMs still need defence. It’s important that banks can quickly identify unusual amounts of transferred data or communications that involve different IP addresses.  

Given the specific MO of the crew using the FiXS malware, certain defence tactics should be implemented. For example, with Impero Connect, a bank or financial institution can have an additional protection layer against threats such as FiXS.  

Impero Connect & a Multi-Layer Approach to Security 

The word “layer” is not used by accident – Impero Connect has a multi-layered approach to security. As the FiXS incident shows, layers are important.  

These hackers reverse-engineered ATM hardware and then inserted the malware via USB devices. Since the initial attack phases occurred in person, ATM software must be properly protected. After entering the machine, FiXS penetrated successive layers of the ATM software. This is a particular vulnerability if no authentication method exists for a specific layer.  

That is why Impero Connect equips networks with distinct checkpoints to prevent unauthorized access.

With Connect, customers can easily manage user access and make sure all entry points are protected. In addition, Impero allows companies to select various access criteria, including MAC/IP address checks, closed user groups, callback verification and end-user approval.  

Impero also integrates with customers’ existing authentication schemes and supports multi-factor authentication through SMS tokens, soft tokens and challenge-based tokens. 

Impero Connect & Zero Trust Security 

Impero Connect follows the Zero Trust security model: the assumption is that the infrastructure is not impenetrable and that access to it will, at some point, be manipulated – either by threat actors or by technicians with specific privileges.  

To mitigate the consequences of a malware attack similar to FiXS, the protection of critical points of the ATM infrastructure should follow two directives: minimizing the attack surface & controlling hardware and software changes.  

Minimizing the attack surface is important. This principle is about limiting attack avenues by constantly verifying access to software, hardware and communications and granting a minimum set of legitimate resources.

Impero Connect enables companies to define users’ rights and functionality to the smallest detail. This ensures no user is used as an attack vector due to excess access privilege.  

Change management should also be tightly controlled. Operators with physical access to the ATM should only be allowed to make changes during authorised periods, according to a specific security policy, and subject to total monitoring of operations.  
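The time-window rule described above, as an added example that is not from the original post and is not Impero Connect code: it audits a constructed ATM event log against authorised change windows and flags hardware or software changes made outside a window or by an operator the window does not name. The log format, ATM IDs, operator names and event types are assumptions made for the illustration.

```python
from datetime import datetime

# Hypothetical policy: (operator, start, end) change windows per ATM.
WINDOWS = {
    "ATM-0042": [("tech.alvarez", datetime(2023, 3, 14, 22), datetime(2023, 3, 15, 2))],
    "ATM-0107": [],  # no change window scheduled
}
# Assumed names for events that alter hardware or software state.
CHANGE_EVENTS = {"USB_INSERT", "SW_INSTALL", "CONFIG_CHANGE", "CABINET_OPEN"}

# Constructed sample log: timestamp|atm|event|operator ("-" = nobody authenticated)
SAMPLE_LOG = """\
2023-03-14T22:17:40|ATM-0042|USB_INSERT|tech.alvarez
2023-03-14T23:00:00|ATM-0042|CONFIG_CHANGE|tech.ruiz
2023-03-15T03:05:59|ATM-0042|USB_INSERT|tech.alvarez
2023-03-15T11:20:00|ATM-0042|CASH_DISPENSE|-
2023-03-16T01:44:10|ATM-0107|CABINET_OPEN|-
2023-03-16T01:46:27|ATM-0107|USB_INSERT|-
not a log line
"""

def parse(line):
    # Returns (ts, atm, event, operator), or None if the line is malformed.
    parts = line.strip().split("|")
    try:
        return (datetime.fromisoformat(parts[0]), *parts[1:]) if len(parts) == 4 else None
    except ValueError:
        return None

def classify(ts, atm, event, operator):
    """Return None when the event is permitted, otherwise the reason it is not."""
    if event not in CHANGE_EVENTS:
        return None
    if atm not in WINDOWS:
        return "unknown ATM"
    allowed = {op for op, start, end in WINDOWS[atm] if start <= ts <= end}
    if not allowed:
        return "outside authorised window"
    return None if operator in allowed else "operator not authorised for window"

def audit(log_text):
    """Return (alerts, rejected): policy violations and the count of unparseable lines."""
    alerts, rejected = [], 0
    for rec in map(parse, log_text.splitlines()):
        if rec is None:
            rejected += 1  # a gap in the audit trail is itself worth reporting
        elif (reason := classify(*rec)):
            alerts.append((rec[1], rec[2], reason))
    return alerts, rejected
if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```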

Impero Connect offers granular control over all user permissions based on criteria such as schedule and timing. Customizable security roles are available, so each technician only makes approved changes within a specific timeframe.  

Moreover, Connect offers complete logging capabilities with customizable audit trails and session recordings. This way, all changes to software or hardware are recorded. Recordings cannot be tampered with, constituting a solid audit record.  

Additional Benefits of Using Impero Connect for ATM Management 

A viable remote support solution allows banks and service providers to quickly respond to threats by reducing expensive service trips to ATM sites with the benefit of an added layer of security. When defending against cyberattacks, speed is of the essence.  

By adding secure remote access technology, banks can manage the costs and headaches of device service delays and maintenance. There are, of course, other benefits of adopting a scalable solution that can be deployed quickly across networks. Such benefits include: 

  • Protection against ransomware attacks 
  • An improvement in issue resolution time  
  • Improved customer satisfaction 
  • Significant cost reduction with truck rolls and maintenance 
  • Compliance best practices on regulatory frameworks such as PCI DSS, ISO or GDPR 

Impero Connect is the Remote Access Support Solution for Financial Institutions 

First Interstate Bank is just one of many Fortune 500 companies that understand the importance of top-level remote access security and regulatory compliance. By adopting an enterprise-class security architecture, they were able to gain massive annual savings by reducing service trips. Find out how Impero Connect supports First Interstate Bank.  

With Impero Connect, IT teams can easily support and manage workstations, servers, PoS devices, embedded systems, virtual environments, VDI desktops and mobile devices. Our solution encrypts communication tunnels and secures access to devices outside LANs without maintaining open ports or VPNs.  

This multilayer threat protection solution also offers full auditing capabilities that help banks satisfy the strictest compliance standards, including PCI DSS, GDPR, HIPAA, FIPS and ISO 27001.  

To learn more about how Impero Connect can be the core of your network threat strategy, book a demo today.  

If you found this post helpful, visit our blog for more insightful and supportive content. Stay up to date on industry trends and product news by following us on LinkedIn, Twitter and Facebook.