“Jackpotting” occurs when cyber criminals deploy malware onto an ATM that allows the machine to be emptied of all of its cash. While it originated in Asia and Europe, “jackpotting” has now spread to the United States, and all banks should be keenly aware of how to mitigate their risk.

The United States Secret Service released an Electronic Crimes Task Force Bulletin in March detailing the ways criminals deploy malware to ATMs.

These tactics include:

  • Hard Disk Drive Replacement
  • Hard Disk Drive Alternative Boot Attack
  • Hard Disk Drive Removal/Offline Malware Infection
  • Direct Malware Insertion Utilizing Removable Media
  • Malware Insertion Utilizing Alternative Boot

According to the bulletin, this scheme was used over 100 times in 15 states from May 2017 to March 2018. As “jackpotting” spreads, more sophisticated forms of the scheme are likely to reach the United States. One of the newest versions of “jackpotting” uses malware, dubbed “ripper,” that can take control of the ATM using an infected EMV chip card to dispense cash. This technique was first utilized in Thailand in 2016, when 21 ATMs were targeted, resulting in a loss of approximately $362,000.

A similar version of “ripper” malware can also be downloaded remotely by breaching a bank’s security system. Cyber criminals in Eastern Europe used “ripper” remotely to withdraw $2.5 million in Taiwan in 2016. Remote deployment of the malware occurs either by using phishing schemes against bank employees to gain credentials or by exploiting a weakness in a bank’s security systems to take control of the ATM remotely and direct the machine to dispense cash to a co-conspirator.

For banks, the most common target is drive-thru ATMs. Current best practices in guarding against ATM heists include:

  • Encryption of data
  • Updating firmware and operating system
  • Monitoring loss of connectivity to the internet

As cyber criminals continue to morph their tactics to attack ATMs, banks should remain vigilant and continue to invest in the most innovative technology to thwart their efforts.