According to a recent report by cybersecurity journalist Brian Krebs, jackpotting—a hacking technique wherein malicious hardware or software forces ATMs to dispense huge amounts of cash unreservedly—has made its first appearance in the United States this week. Latin America, Europe, and Asia have already suffered such attacks in the past, but the threat is now immediate in the United States.
What do you need to know about jackpotting?
1. Jackpotting is Spreading like Wildfire
There have been several reports of jackpotting attacks across the United States, from the Atlantic to the Pacific. The reason? It’s proven wildly successful so far.
In an official release, the Secret Service—the institution investigating the attacks—stated the following: “Criminals have been able to find vulnerabilities in financial institutions that operate ATMs, primarily ATMs that are stand-alone. The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive thru ATMs.”
Indeed, over $1 million has been stolen already from jackpotting attacks.
2. The Attacks are Simple, and the Attackers Diverse
There isn’t necessarily a single technique for corrupting an ATM and converting it into an illicit money dispenser, but there do appear to be some similarities between the recent attacks. The common technique involves using an endoscope—the medical camera device—to find an attachment point in the ATM so hackers can connect their computers, and then swapping the hard disk with a nearly identical malware-laden one. The ATM appears out of service to everyone except the hacker, who can collect money from it at any time. The money tends to shoot out as if the hacker had won a casino jackpot, hence the tactic’s name.
What makes preventing these attacks difficult is that there doesn’t seem to be a single threat actor responsible. It seems more likely that knowledge of successful jackpotting techniques has proliferated among hackers on the dark web, so individuals and criminal organizations are taking advantage of it. A common tactic, however, is for the threat actors to dress as ATM technicians to disguise their actions and intentions.
3. Particular ATMs Are More Vulnerable
ATMs made by manufacturers Diebold Nixdorf and NCR Corporation seem to be the most targeted, although it is not clear why at this time. Additionally, ATMs running outdated Windows XP operating systems or updated Windows 7 seem to be more vulnerable.