The Carabinieri of Monza (Italian Police department) found a threat actor group that stole cash in over 35 ATMs and post office cash machines in Italy using a black box attack technique. According to a report, the police stated that the cybercriminal group stole about €800,000 in seven months by jackpotting ATMs.
The Italian Carabinieri identified 12 people linked to the threat group. The gang had their bases in the provinces of Monza, Milan, Modena, Bologna, Rome, Viterbo, Mantua, Vicenza, and Parma.
How Black Box Jackpotting Works
- Black Box attacks are a type of Jackpotting attack.
- In a Jackpotting attack, threat actors use an external device known as Black Box and a software stack of the compromised ATM to launch Jackpotting attacks.
- To jackpot an ATM, hackers connect their personal device (Black Box) to the ATM’s communication system to obtain physical access to the ATM.
- The attacker then unplugs the communication cable between the CMD-V4 dispenser and the ATM PC, and connects it to the Black Box to send illegitimate dispense commands to the ATM.
- Unsecured/poorly secured ATMs are more vulnerable to jackpotting attacks as attackers can easily manipulate the cash machines.
Jackpotting attacks are popular among the underground cybercriminal groups. Earlier, National Cash Register (NCR) Corporation and Diebold Nixdorf, two leading financial self-service providers in the United States, issued warnings against cyber breaches that make ATMs gush out cash incessantly. Terming the hack as Jackpotting, the self-service kiosk makers accepted to having informed their clients about the vulnerability. Although there is no available data on the losses due to these incidents, the ATM manufacturers have admitted to the rising cases of jackpotting across the world. Read the full story here…