IBM Security recently announced its X-Force Red Labs. This is a new network of four secure facilities dedicated to testing the security of devices and systems including consumer and industrial IoT technologies, automotive equipment and Automated Teller Machines (ATMs). IBM’s X-Force Red also has launched a dedicated ATM testing practice in response to increased demand for securing financial transaction systems.
“IBM (News - Alert) X-Force Red has one mission – hack anything to secure everything,” said Charles Henderson, global managing partner, IBM X-Force Red Labs. “Via X-Force Red Labs, we have the ability to do just that, in a secure and controlled environment. Whether it's the newest smart phone that hasn't been released, an internet-connected refrigerator or a new ATM, we have the capability to test, identify, and help our clients remediate vulnerabilities before the bad guys can exploit them.”
X-Force Red, an autonomous team of veteran hackers within IBM Security, will run the new Labs. The X-Force Red Labs offer secure locations where X-Force Red's seasoned hackers will work to find vulnerabilities in devices in both hardware and software, before and after they are deployed to customers. The four Lab locations will be in Austin, TX; Hursley, England; Melbourne, Australia; and Atlanta, GA.
IBM X-Force Red, through the new four global testing labs, assists engineers and developers with building in security throughout the development lifecycle of hardware and software. This includes IoT-enabled devices and ATMs. The service includes: documenting product requirements, technical deep dive, threat modeling, generating security requirements and penetrating testing.
With more than 300 million ATMs in the world, financial institutions need to protect these targeted machines from attackers. In early 2018, law enforcement alerted financial institutions of increased threats targeting ATMs in the U.S. that allow criminals to "jackpot" the machines and steal their contents on demand. These attacks have been known to use both malware and physical access to the ATM device to empty all of the cash from the machine. Since 2017, X-Force Red has experienced a 300 percent increase in requests for ATM testing due these emerging threats.