The hacking group, believed to be an international cybercrime gang, used a technique seen in other countries over the past few years to get ATMs to rapidly spit out cash on demand. Called “jackpotting” because the cash shoots out of the machine the way winnings do on a slot machine, the attack requires the hackers to have physical access to the ATM.
Once they have physical access, the hackers can either install malware or replace the hard drive with an infected one to take control of the system.
ATM jackpotting attacks have happened in other parts of the world — including Central America, Europe and Asia — for several years, but now the attacks have made their way to America, according to a warning sent out to financial organizations by the U.S. Secret Service.
The confidential Secret Service alert, which investigative cybersecurity journalist Brian Krebs reported on, said that ATMs running Windows XP were at the greatest risk of being jackpotted and the hackers were targeting ATMs located in pharmacies, big box retailers and drive-thrus. The Secret Service recommended that ATM operators upgrade to Windows 7 to minimize the risk.
According to Krebs, the Secret Service alert explained that once the hackers have physical access to an ATM, they use an endoscope — an instrument typically used in medicine — to locate where they need to plug a cord into the inside of the cash machine to sync their laptop with the ATM.
HOW ATM JACKPOTTING WORKS
The hackers reportedly disguise themselves as ATM maintenance crews to gain access to the machines without raising suspicion. Once the malware has been installed, the compromised ATM will appear to be out of order to potential users. Then, one attacker can go up to the machine while remote hackers trigger the malicious program, and the hacker who appears to be an ordinary ATM user receives the outpouring of cash. The Secret Service report said that in an average Ploutus.D attack, the money is continuously dispensed at a rate of 40 bills every 23 seconds until the machine is totally empty.
After they’ve emptied the ATM, the hackers disguised as the maintenance crew come back and remove their tools to return the ATM to normal operations — without any available cash.
In his blog post about the recent wave of ATM jackpotting attacks, Krebs noted that the hacking group has been targeting Diebold Nixdorf ATMs, which are vulnerable to the Ploutus.D malware. Specifically, the Secret Service warned that the attacks have focused on the Opteva 500 and 700 series from Diebold.
Krebs also said the Secret Service had evidence that further attacks were being planned across the country.
Diebold issued a warning about the attacks and suggested that countermeasures to ATM jackpotting should include limiting physical access to the ATM, making sure the firmware for the machines is up to date with the latest security updates, and monitoring the physical activity of the machines. Without physical access, ATM jackpotting is not possible.