Jackpotting attacks make U.S ATMs spit out cash in seconds

Police has reported about the first jackpotting attacks in the U.S

Security researcher, Brian Krebs, from The Secret Service warns about the first jackpotting (also known as logical) attacks in the U.S. Criminals have managed to make domestic ATMs spit out cash in seconds. Experts say that the machine can let out up to 40 bills every 24 seconds^[1].

During the recent years, logical attacks have only been a threat in Asia, Europe and particularly Mexico^[2]. However, now criminals are targeting to hack into ATMs with the help of Ploutus.D malware to exploit system vulnerabilities and make the ATMs dispense money^[3].

NCR alert reports that these attacks should act as a wake-up call for the U.S:

This represents the first confirmed cases of losses due to logical attacks in the US. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.

Criminals need physical access to perform the logical attack

Jackpotting requires opening a fraction of an ATM to connect the laptop or another device. Once the malware is installed, it then exploits system vulnerabilities and uses brute-force attacks to compromise the machine. After the infiltration, criminals gain remote access to the ATM and can take the control over.

During the logical attack in U.S crooks have disguised as ATM technicians to raise less attention when connecting hacking tools to the device^[4]:

Fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM.

Experts say that criminals seem to be extra careful since they are mainly targeting stand-alone ATMs:

The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs.

OS updates can help protect ATMs against jackpotting attacks

The Secret Service says that machines still running Windows XP are explicitly vulnerable to logical attacks^[5]. Security experts encourage ATM vendors to update their devices to Windows 7 as soon as possible to eliminate possible system vulnerabilities:

ATMs still running on Windows XP are particularly vulnerable, and it urged ATM operators to update to a version of Windows 7 to defeat this specific type of attack.

Since investigators have estimated an approximate €332 million loss from ATM fraud in 2015-2016, it is clear that immediate actions should be taken in order to stop criminals from obtaining illegal profits.