ATM jackpotting is the detection and exploitation of vulnerabilities in Automated Teller Machines (ATMs). These operations aim to force the machines to dispense all the cash in their reserves.
If hackers are successful in breaching the ATM, they have the potential to clean out all the money inside of it. These funds don’t technically belong to any account, so usually, the bank’s customers aren’t the ones who suffer from the attack.
How Does ATM Jackpotting Work?
To carry out an ATM jackpotting heist, an attacker first needs physical access to the machine as well as a wireless hardware device known as a ‘rogue device’.
Rogue devices are unauthorized tools, such as portable computers, which exist for the sole purpose of causing harm, stealing information, and disrupting the normal function of a network.
Threat actors who gain access to an ATM’s internal computer typically remove the hard drive and uninstall any antivirus software present. With the antivirus gone, the hackers can install their malware, replace the hard drive, and reboot the ATM. The jackpotting operation typically takes less than a minute.
There are two primary forms of ATM jackpotting.
1. Malware-Based Jackpotting
This form of jackpotting uses a USB device loaded with malware such as CutletMaker or Ploutus D. The USB device is plugged into the ATM’s USB port, and the malware forces the machine to dispense cash for the hacker to collect.
2. Black Box Attack
In this case, the rogue devices are known as black boxes. These devices mimic the ATM’s internal computer and can be anything from laptops to Raspberry Pis, which are relatively easy to obtain or build.
The black box can be used in two different ways. The first involves mimicking the internal computer of the ATM, connecting directly to the dispenser, and commanding it to spit out cash.
The other method, which targets cardholder information, involves physically plugging into the network cables and intercepting the data as it is relayed between the ATM and the transaction center. This information can then be used to process fraudulent transactions.
Hitting the Jackpot?
ATM jackpotting is a form of cybercrime that has become increasingly popular among threat actors in recent years due to its ease and potential for large payouts. Jackpotting attacks can have severe consequences for targeted institutions, customers, and companies, making it a serious threat to the financial industry as a whole.
To protect themselves from jackpotting attacks, financial institutions and companies need to implement up-to-date security measures and carry out routine checks of their ATMs for signs of tampering or malware infection.
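One way to turn the tampering signs described above into a routine check, as an added example that is not part of the original article: it flags cash dispenses that have no authorizing transaction and lists the tamper events seen shortly before them. The event names, log format and 30-minute window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Hypothetical event names; real ATM platforms and monitoring agents use their own.
TAMPER = {"cabinet_open", "disk_removed", "av_removed", "usb_inserted",
          "unplanned_reboot", "dispenser_link_lost"}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample log: "timestamp atm_id event [key=value ...]"
SAMPLE_LOG = """\
2024-03-02T01:10:05 ATM-017 cabinet_open
2024-03-02T01:10:40 ATM-017 disk_removed
2024-03-02T01:14:12 ATM-017 av_removed
2024-03-02T01:15:30 ATM-017 unplanned_reboot
2024-03-02T01:16:02 ATM-017 dispense txn=none
2024-03-02T01:16:09 ATM-017 dispense txn=none
2024-03-02T09:30:00 ATM-022 usb_inserted
2024-03-02T14:00:00 ATM-022 dispense txn=884213
2024-03-02T14:05:00 ATM-031 dispense txn=884377
"""

def parse(log):
    """Yield (timestamp, atm_id, event, fields) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2], fields

def detect(log):
    """Return {atm_id: alert} for dispenses with no authorizing transaction,
    together with any tamper signs seen within WINDOW before the first one."""
    recent = {}   # atm_id -> list of (time, tamper event)
    alerts = {}
    for ts, atm, event, fields in sorted(parse(log), key=lambda e: e[0]):
        if event in TAMPER:
            recent.setdefault(atm, []).append((ts, event))
        elif event == "dispense" and fields.get("txn", "none") == "none":
            signs = sorted({e for t, e in recent.get(atm, []) if ts - t <= WINDOW})
            alert = alerts.setdefault(atm, {"signs": signs, "dispenses": 0})
            alert["dispenses"] += 1
    return alerts

if __name__ == "__main__":
    for atm, alert in detect(SAMPLE_LOG).items():
        print(atm, alert)
```

A USB insertion followed hours later by an authorized withdrawal (ATM-022 in the sample) is not flagged by this rule; an institution may still want a separate alert on any unexpected USB or cabinet event.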