Jackpotting attacks make U.S ATMs spit out cash in seconds

by Linas Kiguolis - - 2018-01-31

Police has reported about the first jackpotting attacks in the U.S

The Security Service reports about first logical attacks in the U.S

Security researcher, Brian Krebs, from The Secret Service warns about the first jackpotting (also known as logical) attacks in the U.S. Criminals have managed to make domestic ATMs spit out cash in seconds. Experts say that the machine can let out up to 40 bills every 24 seconds^[1].

During the recent years, logical attacks have only been a threat in Asia, Europe and particularly Mexico^[2]. However, now criminals are targeting to hack into ATMs with the help of Ploutus.D malware to exploit system vulnerabilities and make the ATMs dispense money^[3].

NCR alert reports that these attacks should act as a wake-up call for the U.S:

This represents the first confirmed cases of losses due to logical attacks in the US. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.

Criminals need physical access to perform the logical attack

Jackpotting requires opening a fraction of an ATM to connect the laptop or another device. Once the malware is installed, it then exploits system vulnerabilities and uses brute-force attacks to compromise the machine. After the infiltration, criminals gain remote access to the ATM and can take the control over.

During the logical attack in U.S crooks have disguised as ATM technicians to raise less attention when connecting hacking tools to the device^[4]:

Fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM.

Experts say that criminals seem to be extra careful since they are mainly targeting stand-alone ATMs:

The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs.

OS updates can help protect ATMs against jackpotting attacks

The Secret Service says that machines still running Windows XP are explicitly vulnerable to logical attacks^[5]. Security experts encourage ATM vendors to update their devices to Windows 7 as soon as possible to eliminate possible system vulnerabilities:

ATMs still running on Windows XP are particularly vulnerable, and it urged ATM operators to update to a version of Windows 7 to defeat this specific type of attack.

Since investigators have estimated an approximate €332 million loss from ATM fraud in 2015-2016, it is clear that immediate actions should be taken in order to stop criminals from obtaining illegal profits.

About the author

Linas Kiguolis - Expert in social media

Linas Kiguolis is one of News Editors and also the Social Media Manager of 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.

Contact Linas Kiguolis
About the company Esolutions

References

^ Charlie Osborne. ATM jackpotting reaches US shores. ZDNet. Technology News, Analysis, Comments and Product Reviews.
^ Jaime Dunaway. Hacking Techniques That Force ATMs to Spit Out Cash Have Made It to the U.S.. Slate Magazine. Politics, Business, Technology, and the Arts.
^ Tom Spring. Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks. Threatpost. The first stop for security news.
^ Brian Kerbs. First ‘Jackpotting’ Attacks Hit U.S. ATMs. Krebs on Security. Security Blog.
^ David Louie. Secret Service warning banks about ATM 'jackpotting'. ABC7 News. KGO Bay Area and San Francisco News.