Two of the most prominent ATM makers in the world have warned the public about a so-called ATM jackpotting scheme that’s quickly spreading throughout the United States.
NCR Corp and Diebold Nixdorf Inc have raised alarms about a hacking tool used by cybercriminals to force cash machines into dispensing money. The scheme, known as ATM jackpotting, has allegedly reached the United States and is now spreading quickly.
In 2016, cybercriminals were able to cash out millions of dollars from ATMs in Taiwan and Thailand through jackpotting. Back then, the Federal Bureau of Investigation warned Americans that “well-resourced and organized” cybercriminals are potentially eyeing the U.S. as their next target.
While cash machines in the U.S. are said to be newer and have better protection than in other countries, they are still susceptible to hacking. In a report from Reuters, Diebold and NCR admitted that attacks have already occurred in the country. However, the two ATM manufacturers did not provide further details about how much money was taken or if there were individuals targeted by the attacks.
ATM Jackpotting
For years, ATM jackpotting has been a major threat in most European and Asian countries. For a number of reasons, these sophisticated hacking attacks have not been commonplace within the United States. However, things changed this month when the U.S. Secret Service started warning financial institutions about potential attacks.
Krebs on Security, a security news and investigation site, reported that it first heard of the jackpotting attacks, also known as logical attacks, on January 21st. Back then, NCR said it had received unconfirmed reports, but nothing substantial.
On Friday, however, NCR sent an advisory to its customers warning them about potential ATM attacks. Krebs was able to quote a part of the notice which reads:
“While at present these appear focused on non-NCR ATMs, logical attacks are an industry-wide issue. This represents the first confirmed cases of losses due to logical attacks in the US. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”
Diebold Nixdorf ATMs Targeted
Further reports said that ATMs manufactured by Diebold Nixdorf were attacked using a jackpotting malware known as Ploutus.D. A reliable Krebs source said that the Secret Service received information about organized criminal gangs activating “cash out crews” to attack front-loading Diebold Nixdorf ATMs.
Using this malware, the hackers are said to be targeting Opteva 500 and 700 series Diebold Nixdorf ATMs in a series of organized attacks. The attacks reportedly happened in the past few days, and further investigation into the matter revealed that more attacks are being planned in different parts of the country.
“The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs.” ~ U.S. Secret Service
“During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM,” a part of the Secret Service’s alert reads.
The Ploutus.D Malware
According to FireEye, the Ploutus.D malware has to be installed manually on a targeted machine before it can be activated. The high-risk task, which may involve picking locks or destroying parts of the cash machine, is said to be carried out typically by “money mules” or low-level operators within a criminal organization.
“From there, the attackers can attach a physical keyboard to connect to the machine, and [use] an activation code provided by the boss in charge of the operation in order to dispense money from the ATM,” Daniel Regalado of FireEye wrote in a 2017 Ploutus.D analysis.
“Once deployed to an ATM, Ploutus makes it possible for criminals to obtain thousands of dollars in minutes. While there are some risks of the money mule being caught by cameras, the speed in which the operation is carried out minimizes the mule’s risk.”
The Secret Service alert further stated that ATMs running Windows XP are particularly vulnerable to a Ploutus.D attack. It therefore urges operators to update their operating systems to Windows 7 or later.