Experts Reaction On Malware That Spits Cash Out Of ATMs Has Spread Across The World

It has been reported that a joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called “jackpotting” attacks on ATMs in Germany in 2017 that saw thieves make off with more than a million Euros. Jackpotting is a technique where cybercriminals use malware or a piece of hardware to trick an ATM into ejecting all of its cash, no stolen credit card required. Hackers typically install the malware onto an ATM by physically opening a panel on the machine to reveal a USB port.

Please see below for commentary from cybersecurity experts.

Tim Erlin, VP of Product Management and Strategy ,  Tripwire
October 16, 2019
We won’t see hundreds of ATMs simultaneously jackpotted with this technique, but it’s still a problem for the ATM owners.
We like to think of cybersecurity as being limited to software, but the physical security of devices is part of the equation. If you logically protect a system, but leave exposed physical access, you have left risk unaddressed. Requiring that criminals physically access a machine to carry out an attack does limit the scalability of that attack technique. We won’t see hundreds of ATMs simultane ....
[Read More >>]
Boris Cipot, Senior Sales Engineer ,  Synopsys
October 16, 2019
Users should remember to be wary of USB sticks they insert in their machines, as they could be carrying malicious software.
An ATM is nothing but a computer connected to a safe that ejects cash through a mechanical system when certain commands are prompted. Normally, ATM operating systems are custom made to work on embedded computer systems, but nevertheless remain operating systems on which software is run, meaning they are vulnerable to being exploited by bad actors. In this case, the exploit was delivered with a U ....
[Read More >>]
Javvad Malik, Security Awareness Advocate,  KnowBe4
October 16, 2019
The late Barnaby Jack demonstrated a version of this attack back in 2010.
ATM Jackpotting attacks are not new. The late Barnaby Jack demonstrated a version of this attack back in 2010. With the introduction of chips into cards, skimming has become more difficult, so it appears as if criminals are investing more time and resources into figuring out how to jackpot ATMs themselves. Many ATMs run a version of windows and if they can be physically tampered with, ports can be ....
[Read More >>]
Paul Bischoff, Privacy Advocate,  Comparitech
October 16, 2019
Many ATMs are old and run on Windows XP or some other ageing operating system.
The fact that criminals can access a USB port on public ATMs is worrying, and securing that physical access should be the first priority. After that, updating the software on ATMs to prevent jackpotting attacks should be the next step. Many ATMs are old and run on Windows XP or some other ageing operating system. They might not receive official support from Microsoft anymore, so it's up to banks t ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article