ATM manufacturer Diebold Nixdorf has alerted banks and commercial companies of a advanced attack of Jackpotting that would be active in Europe against their ATMs.
Jackpotting is a computer attack on ATM software that allows stealing large amounts of cash or sensitive customer information like card cloning. In a typical attack, criminals gain physical access to ATMs in any way, by tearing off the chassis or drilling it to access its internal connectors and install what is known as a “black box” with malware.
After restarting the system, the infected ATM is already under your control. They connect the “black box” to a laptop and execute commands for various functions. The most profitable one is to get the ATM to “spit” bills non-stop, as is the case.
This type of attack on ATMs has been known for decades, but this one is special. Attackers typically use programming software from the same ATM, but in this case Nixdorf claims to have found own code developed by the manufacturer making it very difficult for attack.
“Some of the successful attacks show a new Modus Operandi adapted on how it is done. Although the scammer still connects an external device, at this stage of our investigations we have discovered that the device also contains parts of the attacked ATM software stack », they explain from Diebold.
These types of attacks are relatively easy to execute and are very popular with criminal gangs who buy “black boxes” prepared for the purpose on the black market. Once they physically access the ATM, they can hack the software and issue commands to have the machine drop bills at a rate of 40 bills in 23 seconds. It can also be done with sensitive customer information to clone credit cards.
Diebold Nixdorf explains that these attacks, very dangerous when using the manufacturer’s own code, are taking place in ATMs of “Various European countries”, although he has not cited which ones.