Jackpotting : 3 Things to Know About the Latest Attacks

atm jackpotting security

According to a recent report by cybersecurity journalist Brian Krebs, jackpotting—a hacking technique wherein malicious hardware or software forces ATMS to dispense huge amounts of cash unreservedly—has made its first appearance in the United States this week. Latin America, Europe, and Asia have already suffered such attacks in the past, but these attacks are now very immediate.

What do you need to know about jackpotting?

1. Jackpotting is Spreading like Wildfire

There have been several reports of jackpotting attacks across the United States, from the Atlantic to the Pacific. The reason? It’s proven wildly successful so far.

In an official release, the Secret Service—the institution investigating the attacks—stated the following: “Criminals have been able to find vulnerabilities in financial institutions that operate ATMs, primarily ATMs that are stand-alone. The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive thru ATMs.”

Indeed, over $1 million has been stolen already from jackpotting attacks.

2. The Attacks are Simple, and the Attackers Diverse

There isn’t necessarily a singular technique to successfully corrupt and convert an ATM into an illicit money dispenser, but there does appear to be some similarities between the recent attacks.This technique involves using an endoscope—the medical camera device—to find an attachment point in the ATM so hackers can connect their computers, and then swap the hard disk with a nearly-identical malware-laden one. The ATM becomes out-of-service to everyone else except the hacker, who can collect money from it at any time. The money tends to shoot out like the hacker won a casino jackpot, hence the tactic’s name.

What makes preventing these attacks difficult is there doesn’t seem to be a singular threat actor responsible. It seems more likely that knowledge of successful jackpotting techniques has proliferated among hackers on the dark web, so individuals and criminal organizations are taking advantage of it. A common tactic, however, if for the threat actors to dress as ATM technicians to disguise their actions and intentions.

3. Particular ATMs Are More Vulnerable

ATMs made by manufacturers Diebold Nixdorf and NCR Corporation seem to be the most targeted, although it is not clear why at this time. Additionally, ATMs running outdated WIndows XP operating systems or updated Windows 7 seem to be more vulnerable.

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *