Published on : 30 Jan , 2018
Attack
Jackpotting attack involves accessing ATM’s cash dispenser physically and making it to dispense huge volumes of cash.
Modus Operandi
U.S. Secret service has alerted ATM manufacturers about “jackpotting” attacks on ATMs.
As per Diebold Nixdorf’s Global security alert, Criminals are targeting Front load Opteva ATM
terminals with Advanced Function Dispenser (AFD) using “Ploutus.D” malware. In this case, the original hard
disk of the terminal is removed and replaced with another hard disk, which has been prepared by
the criminals before the attack and also contains an unauthorized and/or stolen image of ATM platform
software. To pair the newly replaced hard disk with cash dispenser, a dedicated button inside the safe
needs to be pressed and held. With the help of industrial endoscope, they are able to locate the button
inside the safe and it is depressed. With this unauthorized ATM software stack, they issue commands to
the dispenser to spit out cash.
Patches
ATMs still running on Windows XP are more vulnerable to this attack.
Windows OS should be updated to newer versions. In India, a considerably large amount
of ATMs are running on Windows XP. It is high time that these ATMs’ OS are updated.
Also, Communication between cash dispenser and ATM core software should be encrypted.
References:
