Sepio | Blog

ATM Jackpotting Attacks

ATM jackpotting attack

Money Doesn’t Grow on Trees Except when ATM Jackpotting Attacks.

“Money doesn’t grow on trees”. We have all heard this saying which emphasizes that money does not simply appear, that making a living requires hard work and long hours. But what if this isn’t the case? Cybercriminals are carrying out jackpotting attacks on ATMs that suggest that actually, yes, money can just appear, and, no, it does not require hard work and long hours – more like a few minutes.

Why ATMs are Often Subject to Attacks from Cybercriminals

ATM Jackpotting presents an irresistible opportunity for cybercriminals who seek financial gain. ATMs are essentially metal boxes storing large amounts of cash. It is, therefore, no surprise that ATMs are often subject to attacks. An attack on an ATM can bring the perpetrator instant rewards – and in substantial amounts. With more than 3.5 million ATMs around the world, malicious actors are not short of targets. And what better way to attack an ATM than to jackpot it (ATM Security)?

How ATM Jackpotting Provides a Global Attack Surface

ATM Jackpotting is a type of logical attack that instructs the machine to dispense cash at a rapid pace. Such attacks have become more frequent, with the European Association for Secure Transactions (EAST) reporting a 269% increase in logical attacks between 2019 and 2020 (‘Black Box’ and Physical Attacks Against ATMs Surge). The worldwide presence of ATMs means jackpotting attacks are a global threat. In Europe, Diebold Nixdorf, a leading ATM manufacturer, issued an alert warning about the rising number of jackpotting attacks in 2020. Last month, two individuals were arrested for ATM jackpotting attacks in Europe which saw them steal over $273,000 (Arrests made over European ATM ‘jackpotting’ spree). The Secret Service also issued a warning regarding jackpotting attacks in the United States (Secret Service warning banks about ATM ‘jackpotting’).

An Explanation of ATM Jackpotting Attacks

ATM Jackpotting attacks occur in one of two ways; through malware or using a black box. Both methods require physical access to the machine and the use of hardware attack tools, known as rogue devices.

ATM Malware

The attacker inserts a USB device ridden with ATM-specific malware, such as CutletMaker or Ploutus D, to the ATM’s USB port. The malware instructs the machine to dispense cash which the attacker later collects. Ploutus, which first appeared in Mexico in 2013, has generated a loss of more than $450 million globally. (Financial Services risk: Cyber security concerns grow)

Black Box Attack

The perpetrator attaches a black box (typically a Raspberry Pi device) to the ATM’s internal cash dispenser (ATM Black Box Attacks). The black box relays commands sent from the attacker to the cash dispenser, forcing it to spit out money. As in the malware-based method, the malicious actor (or a trusty accomplice) swiftly comes to pick up the cash. Research by Positive Technologies found that 69% of ATMs are vulnerable to Black Box Attacks (ATM logic attacks: scenarios, 2018).

ATM jackpotting

ATM’s Lack Sufficient Physical Protection Making Hacking Appealing

Attackers need to gain physical access to the ATM when conducting a jackpotting attack. This, however, is not too much of a challenge. Most offsite ATMs lack sufficient physical protection, relying mainly on CCTV and the prying eyes of the public – obstacles that can easily be bypassed.

In addition to attackers’ ability to go unnoticed, their devices, too, perform covertly. Hardware attack tools operate on the physical layer, which goes uncovered by existing security solutions. The lack of physical layer visibility means that when a rogue device gets inserted into the ATM, it raises no security alarms.

With no security measures stopping the malicious actor or their attack tools, one can see the appeal of an ATM jackpotting attacks.

Sepio Protects Your Hardware Devices Through Layer 1 Visibility

Heavy spending on cybersecurity should bring a high return on investment, yet gaps in visibility limit this, especially in the face of emerging threats like ATM Jackpotting Attacks. Sepio’s Hardware Access Control (HAC-1) solution provides a panacea to gaps in device visibility to ensure you are getting the most out of your cybersecurity investments. HAC-1 integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance asset risk management for financial institutions, protecting against threats like ATM Jackpotting Attacks. HAC-1’s deep visibility capabilities mean no device goes unmanaged. The solution identifies, detects, and handles all IT/OT/IoT devices. Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware. In doing so, ultimately, HAC-1 enables a Zero Trust Hardware Access approach which stops attackers at the first line of defense.

HAC-1 has successfully detected and blocked rogue devices at top tier banks’ ATMs. Give us just 24 hours to show you how we can protect your ATMs and stop you from becoming an attacker’s next slot machine.

See every known and shadow asset. Prioritize and mitigate risks.
Talk to an expert. It will help you understand how to use Sepio’s patented technology to gain control of your asset risks.

August 16th, 2021
Jessica Amado

Jessica Amado
Head of Cyber Research

Related Posts

  •
    ATM Cyber Security

    Read about ATM security threats and how to solve them. With no security measures detecting ATM hardware-based attacks, such as a black box attack, it is crucial to have L1 visibility in order to mitigate these attacks. Learn how Sepio can provide full L1 visibility.