ATMs Hit By Malware “Jackpotting” Attacks That Dispense All Cash In Minutes

Wednesday, January 31, 2018
By Paul Martin

By: GoldCore

– FBI warns of attacks in US after similar crimes in Taiwan, Thailand and Europe
– Hackers have stolen c.$1 million from ATMs across the US, warns U.S. Secret Service
– Target Diebold Nixdorf machines – #1 global ATM provider, 35% of ATMs worldwide
– Digital deposits increasingly vulnerable – Time to save in physical gold

$1 million has been stolen from ATMs across the United States by hackers using a new approach known as ‘jackpotting’. Using malware and an endoscope, hackers are able to force cash machines to spew out their entire holding of cash.

Once the machine has been emptied, the malware, known as Ploutus.D, has handed over complete control to the hackers and displays an ‘Out of Service’ message.

This week a memo was leaked from the US Secret Service regarding this discovery. It stated that it was only a matter of time before the US became a target for this type of hacking, given that it has already been seen in both Europe and Asia.

According to Russian cybersecurity firm Group IB, dozens of remote attacks were reported in 2016 within Europe.

Ploutus.D is not a new discovery for security services; background reading suggests that they have been aware of it for a while now. An alert issued by the US Secret Service states:

“In previous Ploutus.D attacks, the ATM continuously dispensed at a rate of 40 bills every 23 seconds…Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash.”

In fact, it was first seen in Mexico in 2013, as described by security firm FireEye in 2017. They concluded that it was “one of the most advanced ATM malware families we’ve seen in the last few years…

“Once deployed to an ATM, Ploutus-D makes it possible for a money mule to obtain thousands of dollars in minutes.” They believe the malware can be modified for use against 40 different ATM vendors in 80 countries.

No longer need to ‘blow the bl**dy doors off’

As Wired magazine pointed out last year, it used to be that robbers needed to either blow up or physically steal an entire ATM in order to steal its contents. Now there are two far more subtle routes: a simple physical hack, or one which goes through the bank’s own software system.

Due to the nature of cybersecurity threats these days, it is getting harder for hackers to access a bank’s back-end network, as it requires far more sophisticated network intrusion skills. Conversely, hacking physically through the front of a machine does not trigger any alarms and can be done relatively cheaply and easily.

Even more convenient for the hackers, physical attacks on machines mean the banks or ATM issuers cannot do a remote fix across all machines; each one has to be repaired individually, giving the hackers more time to access as many ATMs as they can.

How can this be managed? Wired magazine believes this may be an unsolvable problem:

“Physical attacks on ATMs are, in some sense, an unsolvable problem. Computer security experts have long warned that no computer should be considered secure if an attacker takes physical control of it. But weak encryption and a lack of authentication between components leaves ATMs particularly vulnerable to physical attacks—access to any part of the insecure machine Kaspersky describes means access to its most sensitive core. And for computers that are left standing unprotected on a dark street in the middle of the night, stuffed full of money, a little more thought to digital security might be a worthwhile investment.”
