Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Data Security / Jackpotting Attacks Hit U.S. ATMs
Jackpotting Attacks Make ATMs Spew Out Money
Jackpotting Attacks Make ATMs Spew Out Money
By Samuel Gibbs Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Cybercriminals are hacking cash machines to force them to give out money in what is known as "jackpotting," according to two of the world's largest ATM makers and the US Secret Service.

Diebold Nixdorf and NCR sent out an alert to their customers over the weekend, but did not identify victims or specify how much money had been stolen. The US Secret Service started warning financial institutions that jackpotting was now a risk in the US last week, having started in Mexico last year, according to a confidential alert seen by Krebs on Security.

Diebold Nixdorf said that authorities had warned the company that hackers were targeting its Opteva ATM model, which went out of production several years ago.

NCR said: "This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack."

Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details. Hackers require physical access to the cash machine using specialized electronics and malware to take control, including an endoscope.

Once taken over, the machines can be forced to dispense money at a rate of 40 notes every 23 seconds until it is empty, according to the Secret Service. The only way to stop the machine spitting out cash is to press the cancel button on the keypad.

Criminals have been targeting cash machines in pharmacies, retailers and drive-through ATMs, according to the Secret Service.

Attackers in Mexico have been using variants of the Ploutus malware, first spotted in 2013, according to security firm FireEye. It is believed that US cybercriminals are using similar techniques.

"Once deployed to an ATM, Ploutus-D makes it possible for a money mule to obtain thousands of dollars in minutes," wrote Daniel Regalado, manager of research science for FireEye last year.

Cash machines in more than a dozen countries across Europe were remotely attacked in 2016, according to Russian cybersecurity firm Group IB. Similar attacks were also reported in Thailand and Taiwan.

© 2018 Guardian Web under contract with NewsEdge/Acquire Media. All rights reserved.

Image credit: iStock/Artist's concept.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.