ATM jackpotting, a sophisticated form of theft that combines physical and cybercrime elements, has become a growing concern for banks and ATM owners worldwide. By exploiting vulnerabilities in automated banking machines, criminals are able to force ATMs to dispense cash, often within a matter of minutes, before making a quick getaway. The use of portable devices, such as laptops or smartphones, allows perpetrators to connect to the ATM physically, while malware is used to target the cash dispenser and manipulate it into releasing funds.
One of the key components of an ATM jackpotting attack is the rogue device that mimics the ATM’s internal computer. This device can either be directly connected to the cash dispenser or to the ATM’s network, enabling the criminals to command the machine to dispense cash or capture cardholder data passing between the ATM and the bank’s transaction processing center. In some cases, criminals use malware-infested USB drives to install malicious software on the ATM’s hard drive, giving them control over the system and access to its cash reserves.
Two of the most commonly used ATM malware families in jackpotting attacks are Ploutus and Anunak. Ploutus, discovered in 2013, allows criminals to bypass an ATM’s security measures and take physical control of the machine to steal money. This malware can be operated remotely via SMS messaging, making it a powerful tool for thieves looking to make a quick profit. Anunak, also known as Carbanak, is a backdoor based on the Carberp malware that enables attackers to remotely control infected ATMs and withdraw large sums of cash at will.
Standalone ATMs in retail premises and other isolated locations are the preferred targets for ATM jackpotting attacks because of their weaker security measures and lighter monitoring. Older machines that may not have been updated with the latest security patches are particularly vulnerable, but any ATM can fall victim to this type of crime. In addition to stealing cash, attackers may also install malware on the machine, replace its hard drive, or cause temporary disruptions by rebooting the ATM.
ATM jackpotting attacks have been reported in various countries around the world, with incidents occurring in Mexico, Ukraine, Taiwan, Europe, Asia, and the United States. In response to the growing threat, ATM manufacturers and banks have implemented strategies to prevent jackpotting attacks. These include routine monitoring, software updates, security patches, disabling auto-start functions, and electronic surveillance systems to detect and deter criminals.
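The routine monitoring mentioned above can be expressed as a log-correlation check: flag any cash dispense that has no matching bank-host authorization, and raise its severity when a USB insertion, reboot or disk change came shortly before it. This is an added example, not code from the original article or from any ATM vendor; the event names, tuple schema, ATM IDs and 15-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical schema: (timestamp, atm_id, event, tx_id).
SAMPLE_EVENTS = [
    ("2024-01-10T02:11:00", "ATM-17", "USB_INSERT", None),
    ("2024-01-10T02:13:30", "ATM-17", "REBOOT", None),
    ("2024-01-10T02:16:05", "ATM-17", "DISPENSE", None),      # no host authorization
    ("2024-01-10T02:16:40", "ATM-17", "DISPENSE", None),
    ("2024-01-10T09:02:10", "ATM-17", "HOST_AUTH", "TX1001"),
    ("2024-01-10T09:02:18", "ATM-17", "DISPENSE", "TX1001"),  # normal withdrawal
    ("2024-01-10T09:30:00", "ATM-22", "REBOOT", None),        # maintenance reboot
    ("2024-01-10T09:50:00", "ATM-22", "HOST_AUTH", "TX2001"),
    ("2024-01-10T09:50:07", "ATM-22", "DISPENSE", "TX2001"),
]

TAMPER_EVENTS = {"USB_INSERT", "REBOOT", "DISK_CHANGE"}  # assumed event names
TAMPER_WINDOW = timedelta(minutes=15)                    # assumed correlation window

def find_suspicious_dispenses(events):
    """Return one alert per dispense that the bank host did not authorize."""
    authorized = set()   # (atm, tx_id) pairs approved by the host and not yet used
    tamper_log = {}      # atm -> list of (time, event) tamper signals seen so far
    alerts = []
    for ts, atm, kind, tx in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "HOST_AUTH":
            authorized.add((atm, tx))
        elif kind in TAMPER_EVENTS:
            tamper_log.setdefault(atm, []).append((when, kind))
        elif kind == "DISPENSE":
            if tx is not None and (atm, tx) in authorized:
                authorized.discard((atm, tx))  # one dispense per authorization
                continue
            # Tamper signals on the same ATM inside the window raise severity.
            recent = sorted({k for t, k in tamper_log.get(atm, [])
                             if when - t <= TAMPER_WINDOW})
            alerts.append({"atm": atm, "time": ts, "preceded_by": recent,
                           "severity": "critical" if recent else "high"})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_dispenses(SAMPLE_EVENTS):
        print(alert)
```

The maintenance reboot on ATM-22 produces no alert because the later dispense is matched to a host authorization, which keeps routine servicing from generating noise.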
As the sophistication of ATM jackpotting attacks continues to evolve, it is essential for organizations to stay vigilant and implement robust security measures to protect their ATMs and customers from falling victim to this type of cybercrime. By understanding the techniques used by criminals and staying proactive in prevention efforts, banks and ATM owners can mitigate the risk of financial losses and ensure the security of their ATM networks.

