ATM jackpotting is one of the prominent methods cyber-criminals use to break into and rob ATMs. Criminals exploit hardware and software vulnerabilities in an ATM to get away with the cash. Attaching malicious software, along with hardware, to an ATM enables jackpotting, which compels the ATM to dispense money. Choosing weaker targets and using deception limits the criminals' chances of getting caught in the process. They may dress up as staff or crew to avoid inspection and get into ATMs. ATMs in service and retail outlets, along with stand-alone ATMs that are far from monitoring and surveillance, are the more exposed targets of jackpotting. Cyber-criminals often target older machines that are not frequently updated.
ATM jackpotting, or logical attacks, will not leak customers' information; these attacks target the ATM devices for their cash. The problem caused by ATM jackpotting is that no funds are left in the ATM after the attackers withdraw the money. Cyber-criminals who gain access to an ATM but do not steal funds are highly likely to install other components and ATM malware, which can lie dormant for a period and be used later when required. The cyber-criminals trick ATM security systems by adding a protector, which makes each new sample unique. Various other features, such as the updated interface, error-handling routines, and the limit on notes per dispense, can be changed while performing ATM jackpotting.
Cyber-criminals follow several steps when attacking and robbing ATMs. The first step of ATM jackpotting is gaining access to local or remote devices. Direct access to the ATM is obtained through its USB port. Once the USB is connected, the next step is to inject the malicious code into the ATM system. Next, the ATM is rebooted into Standard mode and ultimately comes under the control of the malicious program. The final step is stealing the cash from the ATM.
The cyber-criminals connect the USB to the ATM with the help of a screwdriver soldered to a USB connector. The soldered USB is then connected to the USB port at the back of the ATM. The thieves expose the USB port by popping open the flange at the front.
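The sequence of steps described above (USB attached, reboot, cash dispensed) leaves a recognisable trail that monitoring can correlate. The following is an added detection example, not code from the original article: the log format, event names, ATM identifiers and the 30-minute window are all assumptions, and the sample log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp|atm_id|event|detail" format.
SAMPLE_LOG = """\
2024-03-02T01:10:05|ATM-017|USB_ATTACH|mass-storage
2024-03-02T01:12:40|ATM-017|REBOOT|unscheduled
2024-03-02T01:15:02|ATM-017|DISPENSE|txn=none notes=40
2024-03-02T01:15:31|ATM-017|DISPENSE|txn=none notes=40
2024-03-02T09:00:11|ATM-022|DISPENSE|txn=883120 notes=5
2024-03-02T09:30:00|ATM-022|REBOOT|scheduled
2024-03-02T11:00:00|ATM-031|USB_ATTACH|mass-storage
2024-03-02T18:00:00|ATM-031|DISPENSE|txn=none notes=2
"""

WINDOW = timedelta(minutes=30)  # assumed correlation window after a USB attach


def parse(log):
    """Yield (timestamp, atm_id, event, detail) tuples from the pipe-separated log."""
    for line in log.strip().splitlines():
        ts, atm, event, detail = line.split("|", 3)
        yield datetime.fromisoformat(ts), atm, event, detail


def find_jackpot_sequences(log, window=WINDOW):
    """Alert on USB attach -> reboot -> dispense with no authorised transaction,
    where every step happens within `window` of the USB attach."""
    state = {}   # atm_id -> {"usb": attach time, "reboot": reboot time or None}
    alerts = {}  # atm_id -> alert summary
    for ts, atm, event, detail in sorted(parse(log)):
        s = state.get(atm)
        if event == "USB_ATTACH":
            state[atm] = {"usb": ts, "reboot": None}
        elif s and ts - s["usb"] > window:
            del state[atm]  # attach is too old to correlate with this event
        elif event == "REBOOT" and s:
            s["reboot"] = ts
        elif event == "DISPENSE" and s and s["reboot"] and "txn=none" in detail:
            a = alerts.setdefault(
                atm, {"atm": atm, "usb_at": s["usb"], "dispenses": 0, "notes": 0})
            a["dispenses"] += 1
            a["notes"] += int(detail.split("notes=")[1])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_jackpot_sequences(SAMPLE_LOG):
        print(alert)
```

In the sample, only ATM-017 is flagged: ATM-022 dispenses against an authorised transaction, and ATM-031's dispense falls outside the window after its USB attach.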
Another prevalent method of dispensing funds is using ATM malware cards. Once installed, such a card stealthily captures all the details of the customer's card. They trigger the card function to withdraw money from the ATM. Various ATM hacking tools, such as ATM skimmers, GSM receivers, EMV skimmers, and RFID readers/writers, are sold illegally. ATMs all over the world have a similar structure and design, so the same ATM jackpotting tools are used to hack them.
Ploutus.D is one of the common malware families installed on the ATM hard drive. This malware allows criminals to interact directly with the ATM's computer system and force it to dispense money.
Cutlet Maker is another piece of malware, designed to make an ATM spit out money without the use of debit cards.
KoffeyMaker is a black box attack tool used by cyber-criminals to steal funds from ATMs. The criminals connect a laptop to the ATM.
Tyupkin disables all network connections once it gains physical access to the ATM. Even after spotting the problematic behaviour, the administrator won't be able to shut it down.
Recently, criminals have been attacking ATMs through malware infection rather than by physically destroying the devices, as it gives them a safer way to dispense cash from an ATM.
Some of the tips to avoid ATM jackpotting are as follows:
• Use updated software: using outdated or legacy software in an ATM poses a higher risk of jackpotting. Upgraded and advanced software would provide complete security to the OS and firmware.
• Guarding ATMs: criminals usually prefer stand-alone ATMs, so make sure that ATMs are adequately safeguarded and less vulnerable to jackpotting.
• Keeping track of transactions: code signing and custom keys should be issued to the customers by the bank to ensure secure ATM transactions.
• Blocking the malware: application whitelisting prevents the malware responsible for ATM jackpotting or ATM hacking from entering the system.
• Users and account holders should be made aware of secure transactions and of the various ATM hacks they could avoid. The most basic security measures to help protect against ATM hacks are a strong password and the implementation of two-factor authentication.
• Providing bank employees with cyber-security training, so that they do not fall victim to cyber-criminals, can be considered a safety measure. Hackers or cyber-criminals usually target a bank employee and steal his or her authorized credentials to plant malware on the ATM servers, which gives them an easier way to conduct ATM jackpotting.
The banking security experts at Netsentries have developed a series of hands-on vulnerability assessments that look at the entire ATM environment. We can identify software, hardware, and communication protocol vulnerabilities that can be exploited and provide remediation measures to effectively resolve them.