Jackpotting: The ATM malware attack targeting banks


August 28, 2018


Just when you thought you had your organization’s cybersecurity under control, there’s a new threat on the block that’s specifically targeting financial institutions. Jackpotting—a hacking technique used to steal cash from ATMs—reached the United States this year, setting off a wave of concern in the financial industry.

So, why exactly is jackpotting a concern, and what can you do about it? Today, we’ll answer your questions about this nefarious tactic and outline some precautions your organization can take to prevent an attack.

What is jackpotting?

Jackpotting is essentially an ATM hijack in which criminals take control of individual ATMs by syncing the machines to their laptops. Using an endoscope—a tubular camera used in medical procedures—prospective jackpotters identify the connection site, then connect their devices and install malware that allows them to dispense cash from front-loading machines.

The first jackpotting attacks hit the U.S. in January 2018, prompting the Secret Service to issue a cybercrime warning to financial institutions. However, jackpotting is nothing new. In fact, IT support providers have known these attacks were feasible since 2010, when they were demonstrated at a Black Hat conference.

What is new is hackers’ sudden interest in attacking ATMs, which has forced banks to examine the precarious position of cash machines. What used to seem like a distant specter has suddenly become a serious threat in urgent need of preventative IT solutions.


How real is the threat?

Although there have only been a few reports of jackpotting in the U.S. thus far, IT solutions providers have warned banks not to take the threat lightly, and a wave of attacks in Europe has U.S. officials concerned that the same thing could happen across the pond. According to European financial associations, jackpotting incidents rose by 231% between 2016 and 2017, reaching a frightening 193 attacks last year.

What’s more, cybersecurity groups have noticed a clear uptick in jackpotting discussions on dark web forums, and evidence suggests that actors on the dark web are working to make jackpotting malware easier to use. With instructional manuals available for download and other such tools increasingly easy to come by, even criminals without specialized tech knowledge are well-positioned to perpetrate the hack. Essentially, the barrier to entry is being lowered, leaving ATMs more vulnerable than ever.

How can I protect my financial organization?

Many ATMs are still running Windows XP, meaning they don’t have the sophisticated security protections of a modern operating system. IT support providers can assist in upgrading your machines’ operating systems to Windows 7 or 10, which will help you close exploitable security loopholes.

In addition, keep in mind that hackers seem to be drawn to standalone ATMs located at retailers, pharmacies and drive-throughs, according to Secret Service warnings. While all front-load Opteva models are at risk, Opteva 500 and 700 series Diebold ATMs tend to be specifically targeted.

There are also some physical precautions you can take to protect ATMs, such as securing the head compartment and control access areas and installing two-factor authentication for repair technicians working on machines. It’s a good idea to deploy firmware on all machines and monitor for suspicious activity as well. You can find in-depth details in Diebold’s Global Security Alert, and IT support providers can help here as well.

Want to learn more about protecting your financial institution? Download our Cybersecurity Bundle in which we discuss the finer points of cybersecurity planning and other IT solutions for your organization. Watch out, hackers, there’s a new sheriff in town!

We're Integris. We're always working to empower people through technology.
