Malware Discovered That Causes ATMs to Spit Out Cash
There has been a spike in the number of criminals infecting ATM machines with a special type of malware that causes the machine to spit out copious amounts of currency, according to a report from Vice.
“Part of the security issue for ATMs is that many of them are, in essence, aged Windows computers.”
“Jackpotting,” as the report from Vice explains, “is a technique where cybercriminals user malware or a piece of hardware to trick an ATM into ejecting all of its cash, no stolen credit card required. Hackers typically install the malware onto an ATM by physically opening the panel on the machine to reveal a USB port.” Researchers warn that the problem is compounded due to the ancient software that these ATMs are running.
“These are very old, slow machines,” a source told Vice, with the author noting that “part of the security issue for ATMs is that many of them are, in essence, aged Windows computers.”
Cybersecurity firm, Kaspersky first published its research on what was known as a ‘Cutlet Maker’ piece of malware back in 2017. It was listed for sale online in hacking forums, meaning that “anyone with a few thousand dollars could buy the malware, and have a go at jackpotting ATMs themselves,” the Vice report says.
“The bad guys are selling these developments [malware] to just anybody,” David Sancho
David Sancho, senior threat researcher at Trend Micro who works alongside Europol on jackpotting incidents told Vice that “the bad guys are selling these developments [malware] to just anybody,” adding that this trend has enabled small outfits and up-and-coming criminals to start targeting ATMs for an easy pay-day. “Potentially this can affect any country in the world,” he concluded.
David N. Tente, executive director of USA, Canada & Americas at the ATM Industry Association (ATMIA) said that “in order to execute a jackpotting attack, you have to have access to the internal components of the ATM. So, preventing that first physical attack on the ATM goes a long way toward preventing the jackpotting attack.”
ATM manufacturers have since taken steps to improve the security on their products to make them as difficult as possible to penetrate and insert a device like a USB, however, steps that have been taken haven’t curbed all attacks.
A spokesperson from Spanish bank Santander said in a statement emailed to Vice that “protecting our customers’ information and the integrity of our physical network is at the core of what we do. Our experts are involved in every stage of product development and operations to protect customers and the bank from fraud and cyber threats. This focus on protecting our data and operations prevents us from commenting on specific security issues.”
According to Vice, “the lowering of the barrier to entry to ATM malware has arguably driven to some of the spike in jackpotting attacks. In January 2018, the Secret Service began warning financial institutions of the first jackpotting attacks in the U.S., although those used another piece of ATM malware called Ploutus.D.”
“Globally, our 2019 survey indicates that jackpotting attacks are increasing,” Tente said.
“There are attacks happening but a lot of the time it’s not publicized,” he concluded.