ATM Jackpotting Attack   





Published on : 30 Jan , 2018


Attack


Jackpotting attack involves accessing ATM’s cash dispenser physically and making it to dispense huge volumes of cash.

Modus Operandi


U.S. Secret service has alerted ATM manufacturers about “jackpotting” attacks on ATMs. As per Diebold Nixdorf’s Global security alert, Criminals are targeting Front load Opteva ATM terminals with Advanced Function Dispenser (AFD) using “Ploutus.D” malware. In this case, the original hard disk of the terminal is removed and replaced with another hard disk, which has been prepared by the criminals before the attack and also contains an unauthorized and/or stolen image of ATM platform software. To pair the newly replaced hard disk with cash dispenser, a dedicated button inside the safe needs to be pressed and held. With the help of industrial endoscope, they are able to locate the button inside the safe and it is depressed. With this unauthorized ATM software stack, they issue commands to the dispenser to spit out cash.

Patches


ATMs still running on Windows XP are more vulnerable to this attack. Windows OS should be updated to newer versions. In India, a considerably large amount of ATMs are running on Windows XP. It is high time that these ATMs’ OS are updated. Also, Communication between cash dispenser and ATM core software should be encrypted.

References: