I’ve seen ATMs using Windows 7 embedded. 802.1x support on 7 (let alone embedded) was extremely janky at best. Also it didn’t support some of the features that modern switches support too. That’s not an excuse for them but most likely their “defense in depth” was very limited and they just didn’t do quite a bit of it.
There are mitigations possible against allowing unrecognized MAC addresses from getting network connection when plugged into an open port.
Security is meant to have layers. Defense in depth.
Can’t be forgetting 802.1x
I’ve seen ATMs using Windows 7 embedded. 802.1x support on 7 (let alone embedded) was extremely janky at best. Also it didn’t support some of the features that modern switches support too. That’s not an excuse for them but most likely their “defense in depth” was very limited and they just didn’t do quite a bit of it.