ATM Cyber Attacks

ATM cyber attacks are unauthorized attempts to exploit ATM vulnerabilities in order to gain access to cash or sensitive information. One of the most prominent threats to ATM security is jackpotting, where malicious actors instruct the machine to dispense cash at a rapid pace, often resulting in a significant data breach.

Automated teller machines (ATMs) are prime targets for hackers because of the large amounts of cash inside them and the relative ease of getting at it. Some ATMs can contain over $2,000 a day, amounting to over $14,000 a week or $56,000 a month. With money constantly coming in and going out, ATMs represent an attractive target for cybercriminals looking to exploit sensitive data.

ATM Cyber Attacks and Rogue Devices

ATM attacks have become more frequent, with the European Association for Secure Transactions (EAST) reporting a 269% increase in logical attacks between 2019 and 2020 (‘Black Box’ and Physical Attacks Against ATMs Surge). In 2021, two criminals carried out black box attacks across Europe and stole more than $273,000 from ATMs. However, direct monetary loss is not the only financial implication of ATM jackpotting attacks. Additional security risks such as reputational damage and loss of customers can have long-term financial impacts.

With cyber attacks evolving, the worldwide presence of ATMs means that jackpotting is a global threat. In 2023, Diebold Nixdorf, a leading ATM manufacturer, issued an alert warning about the rising number of jackpotting cyber attacks in Europe. The attack tools, known as rogue devices, operate at the hardware layer, bypassing existing security measures like firewalls and encryption. Their covert nature makes them extremely harmful, allowing them to go undetected and cause massive breaches.

Main ATM Cyber Attack Methods

ATM jackpotting attacks use three main methods: malware, black box devices and man-in-the-middle devices. All require physical access to the ATM and the use of rogue hardware tools.

1. ATM Malware
Malware is a significant cybersecurity threat designed to infiltrate and exploit systems. In ATM jackpotting, attackers insert a USB device containing specific malware, such as CutletMaker or Ploutus D, into the ATM’s USB port. This malware instructs the ATM to dispense cash, which the attacker collects. Ploutus malware, first seen in Mexico in 2013, has caused over $450 million in global losses. These cyber-criminals typically use ransomware and other malicious techniques to exploit these vulnerabilities.

2. Black Box Attacks
In a black box attack, the perpetrator connects a device (often a Raspberry Pi) to the ATM’s internal cash dispenser. This device sends commands to the dispenser, prompting it to release cash. Similar to malware attacks, an accomplice usually retrieves the money quickly. Research indicates that 69% of ATMs are vulnerable to black box attacks, and many of these incidents go unreported, especially as cybercriminals hide their tracks using data-security tactics.

3. Man-in-the-Middle (MiTM) Attacks
Hackers intercept and manipulate the communication between the ATM and the bank’s network, allowing them to steal data or alter transactions. Such attacks compromise authentication protocols, encryption measures, and overall information-systems security, resulting in data breaches and financial loss.
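
A defender-side illustration of the first two methods, added here and not taken from Sepio or any ATM vendor: it scans peripheral events for an unexpected USB device attaching to an ATM, or the cash dispenser dropping off its host outside a maintenance window. The log format, ATM IDs, VID:PID values and maintenance table are all constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample events in a hypothetical format:
# "<timestamp> <atm_id> <event> <vid:pid> <description>"
SAMPLE_LOG = """\
2024-01-10T02:14:03 ATM-0042 USB_ATTACH 0bad:0001 mass-storage
2024-01-10T02:14:09 ATM-0042 USB_DETACH 1234:00d1 cash-dispenser
2024-01-10T09:30:00 ATM-0042 USB_ATTACH 0bad:0002 service-dongle
2024-01-10T09:31:12 ATM-0017 USB_ATTACH 1234:00c2 card-reader
not a device event line
"""

# Assumed fleet inventory of expected peripherals (constructed VID:PID values).
ALLOWLIST = {"1234:00d1": "cash-dispenser", "1234:00c2": "card-reader"}
# Assumed scheduled service windows per ATM, as (start, end) ISO timestamps.
MAINTENANCE = {"ATM-0042": [("2024-01-10T09:00:00", "2024-01-10T10:00:00")]}

LINE_RE = re.compile(
    r"^(\S+) (\S+) (USB_ATTACH|USB_DETACH) ([0-9a-f]{4}:[0-9a-f]{4}) (\S+)$")

def in_maintenance(atm, ts):
    """True if ts falls inside a scheduled service window for this ATM."""
    return any(datetime.fromisoformat(s) <= ts <= datetime.fromisoformat(e)
               for s, e in MAINTENANCE.get(atm, []))

def find_alerts(log_text):
    """Return (atm, timestamp, reason, vid:pid) tuples for suspicious events."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not device events
        ts_raw, atm, event, usb_id, _desc = m.groups()
        if in_maintenance(atm, datetime.fromisoformat(ts_raw)):
            continue  # technician activity is expected during a service window
        if event == "USB_ATTACH" and usb_id not in ALLOWLIST:
            alerts.append((atm, ts_raw, "unknown-usb-device", usb_id))
        elif event == "USB_DETACH" and ALLOWLIST.get(usb_id) == "cash-dispenser":
            alerts.append((atm, ts_raw, "dispenser-disconnected", usb_id))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

A device can present a spoofed VID:PID, so an allowlist match is one signal to correlate with cabinet-door and transaction data rather than proof that a peripheral is genuine.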

Black Box Attack Exposure
Nearly 70% of ATMs are exposed to black box attacks (Positive Technologies, 2018).

ATM EndPoint and Network Cybersecurity

Heavy investment in cybersecurity should yield high returns, but visibility gaps limit its effectiveness—especially when combating emerging threats like jackpotting ATM cyber attacks. Denial-of-service attacks, intrusion, and phishing schemes are just a few of the tactics used by hackers to compromise ATM systems.

Sepio’s platform provides a panacea for gaps in asset visibility to ensure you are getting the most out of your cybersecurity investments. Sepio integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance asset risk management for financial institutions. This deep visibility means that no device goes unmanaged, making it much harder for cyber-criminals to exploit ATM vulnerabilities.

Sepio has successfully detected and blocked rogue devices at top-tier banks’ ATMs. In just 24 hours, we can show you how to secure your ATMs against jackpotting attacks and prevent further compromise.

Protect Against ATM Cyber Attacks

Don’t let your ATM systems become the next victim of hacking and cybercrime. Schedule a demo with our security experts to discover how Sepio’s patented technology can fortify your ATM security and protect against ATM cyber attacks.

July 19th, 2022