Jackpotting Attacks Cross the Pond to US ATMs

first_img The Secret Service is warning U.S. financial institutions of “jackpotting” attacks hitting ATM operators across the country.As its name suggests, the hack allows thieves to force bundles of cash out of automated teller machines on demand.But while the complicated crime has long plagued banks in Europe and Asia, U.S. operators were left unscathed—until now.The raids, also known as “logical attacks,” require physical access to a cash machine, where muggers can use malware or specialized electronics (or probably a combination of both) to control ATM operations.And once you’ve gained control of ATM operations, what else is there to do but get rich quick?Diebold Nixdorf Inc. and NCR Corp., two of the world’s largest automated teller machine makers, did not immediately respond to Geek’s request for comment.But, according to KrebsOnSecurity, NCR on Jan. 26 sent an advisory to customers regarding Secret Service reports of jackpotting in the United States.“While at present these appear focused on non-NCR ATMs, logical attacks are an industry-wide issue,” the notice said, according to Krebs. “This represents the first confirmed cases of losses due to logical attacks in the US. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”Diebold offered a similar sentiment, telling customers that “the attack mode involves a series of different steps to overcome security mechanism and the authorization process for setting the communication with the [cash] dispenser,” a security alert said.Details are hazy: There is no word on the type of malware used, who has fallen victim, or how much money has been stolen.According to Krebs’ anonymous source, however, organized criminal gangs are to blame; the groups have allegedly been attacking stand-alone ATMs using “Ploutus.D,” an advanced strain of malicious jackpotting software first spotted in 2013.A recent analysis of Ploutus.D by security firm FireEye called it “one of the most advanced ATM malware families we’ve seen in the last few years.” Stay on target Geek Pick: Ring Stick Up Cam Battery Is Standalone SecurityAndroid Ransomware Pretends to Be Reddit Porn center_img Let us know what you like about Geek by taking our survey.last_img

Leave a Reply

Your email address will not be published. Required fields are marked *