Posted on February 1, 2018 at 3:10 PM
Hackers are now targeting ATMs in the US where they compromise the ATM network to steal large amounts of cash.
The US Secret Service recently issued a warning to all US-based banks that addresses the recent instances, known as “jackpotting”. This involves hackers compromising an ATM to steal cash from the machine. While this technique has occurred several times all over the world. This marks the first time that jackpotting hits US shores.
The hackers firstly need the ATMs physical location and address before they can launch the attack. After confirming the physical location of the targeted machine, the hackers use either malicious software of physical hacking techniques to compromise the device in such a way that it starts dispensing its cash reserves quickly. If successful, the ATM resembles that of a slot machine whose player just won the jackpot. This is ostensibly where the technique got its name.
According to the Secret Service, the responsible hackers were able to identify and exploit certain vulnerabilities in the ATM network. Stand-alone ATMs, such as those that are located in places such as pharmacies and retailers, are particularly vulnerable to these attacks.
In the last week, over six attacks were executed. The hackers managed to steal over $1 million to date from ATMs in various locations from New England, to the Gulf region, and even as far as the Pacific Northwest.
The Secret Service believes that the culprits behind these attacks could either form part of an organized crime organization or an individual.
The prominent ATM manufacturers, NCR Corporation and Diebold Nixdorf, confirmed that they issued a warning to their clients regarding the latest attacks. According to a Diebold Nixdorf spokesperson, the hackers seemed to be targeting older Diebold Nixdorf models.
Similar attack campaigns were previously conducted in South America in 2017.
There have also been instances of jackpotting reported in both Asia and Europe. The US attacks were first reported by the independent cybersecurity expert, Brian Krebs.
According to the CEO of the threat intelligence company, CYR3CON, Paulo Shakarian, there has been a notable increase in ATM activity and especially jackpotting on the Dark Web in recent months. The Dark Web is a network which can only be accessed using specialized software and is notorious for its criminal connotations.
Shakarian confirmed that his team observed a significant increase in activity pertaining to the tools needed to perform jackpotting hacks. In addition, the firm also found several conversations which mention new hardware designed to perform jackpotting hacks. The Dark Web also features a guide that offers a step-by-step explanation of the jackpotting technique that is for sale.
The CEO stated that these indicators might confirm that future instances of jackpotting are inevitable.
The Secret Service declined to confirm just how many instances of jackpotting took place or exactly how much money has been stolen so far. However, the Secret Service’s official release noted that they received warning of more hacks taking place in the future.