Are our ATMs safe? ATM makers warns of cyber criminals using ‘Jackpotting’ to steal cash

Ringing alarm bells, two of the world’s largest ATM makers, have warned that cyber criminals are targeting cash machines by using  ‘jackpotting’ – a hacking method that force ATM to spit out cash .

The Diebold Nixdorf Inc and NCR Corp- the two ATM makers have sent out alerts to clients in US, which was confirmed by the company officials.

Various reports of Jackpotting have been reported world wide but it is still unclear as to the extend of damage. Though there we

So what is Jackpotting?

According to Krebson Security, ATM “jackpotting” is a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand.

The security news website has made it clear, it has long been a threat for banks in Europe and Asia. Now, the US according to the website, the US Secret Service has quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics — often a combination of both — to control the operations of the ATM.

According to Anti-virus vendor Kaspersky Lab, the cyber criminals infects an ATM with special malware called Skimer and then they can use ATM’s own card reader and pin pad to steal all necessary bank card credentials.

In a blog post about the topic it says, “And that’s not it when it comes to sharing; if they have infected an ATM, they can go one step further and control not only the pin pad and card reader devices, but also the cash dispenser. So not only they can steal cards credentials, but they also can send a command to spit out all the money ATM has inside its cash deposit unit,”

Criminals behind this cyber campaign are hiding their tracks very carefully. In fact, that’s why they use these double tactics. While they surely could cash out at any moment by ordering all the ATMs they have infected to eject money, it would definitely raise suspicion and probably lead to large investigation. That’s why they prefer to keep malware in the ATM unnoticed and silently collect skimmed card data, leaving the second option — instant cash out — for the future.

New Alerts 

Diebold Nixdorf said in a separate  alert that US authorities had warned the company that hackers were targeting one of its ATM models, known as Opteva, which went out of production several years ago.

Diebold Nixdorf’s alert described steps that criminals had used to compromise ATMs. They include gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.

Russian cyber security firm Group IB has reported that cyber criminals remotely attacked cash machines in more than a dozen countries across Europe in 2016. Similar attacks were also reported that year in Thailand Taiwan and also in India.

Security news website Krebs reports that the NCR memo does not mention the type of jackpotting malware used against U.S. ATMs.

The NCR alert reads. “While at present these appear focused on non-NCR ATMs, logical attacks are an industry-wide issue.“This represents the first confirmed cases of losses due to logical attacks in the US. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”