ATM “jackpotting” — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia. Last week, the U.S. Secret Service began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines in the U.S., Krebs on Security reports. To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics to control the operations of the ATM.
On Friday, NCR sent an advisory to customers saying it had received reports from the Secret Service and other sources about jackpotting attacks against ATMs in the U.S. The company said, “This represents the first confirmed cases of losses due to logical attacks in the U.S. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.” The Secret Service is warning that organized criminal gangs have been attacking stand-alone ATMs in the United States using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013. Crooks reportedly are activating so-called “cash out crews” to attack front-loading ATMs manufactured by ATM vendor Diebold Nixdorf. Fraudsters dressed as ATM technicians attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM. “The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs,” says a confidential Secret Service alert.