National Cash Register (NCR) Corporation and Diebold Nixdorf, two leading financial self-service providers in the United States, have issued warning against cyber breaches that make ATMs gush out cash incessantly. Terming the hack as ‘jackpotting’ the self-service kiosk makers accepted to having informed their clients about the vulnerability. Although there is no available data on the losses due to these incidents, the ATM manufacturers have admitted to the rising cases of jackpotting across the world.
NCR cautioned, “This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack.” These ATM cyberattacks took off in 2015 in Asia, Europe and Mexico, however, now their new target is U.S, raising concerns for US Secret Service, which has advised financial institutions to be cautious.
KrebsOnSecurity, a leading blogging site for cybersecurity, raised the alarm about these ATM attacks spreading in US, elaborating on how these attackers, dressed up as technicians, target isolated ATMs. The cyber attack is usually carried out by accessing the machine physically and interlacing it with hi-tech electrical hacking equipment. Diebold Nixdorf issued a circular, mentioning, “In a Jackpotting attack, the criminal gains access to the internal infrastructure of the terminal in order to infect the ATM PC or by completely exchanging the hard disk (HDD). In recent evolutions of Jackpotting attacks portions of a third party multi-vendor application software stack to drive ATM components are included. In cases where the complete hard disk is being exchanged, encrypted communications between ATM PC and dispenser protects against the attack.”