Security at ATMs remains an issue affecting banking institutions around the world, experts from a hacking course mentioned. Recently, ATM manufacturer Diebold Nixdorf recognized an increase in jackpotting attacks against its ProCash model ATMs in some European countries.
Apparently, the most recent attacks have been carried out using a new method that further complicates things for the company and users.
Threat actors remain dependent on the use of an external device, although this new method also seems to involve parts of the software stack of compromised cashiers. The analysis is still in process, so more information may eventually arise.
What is this new attack?
As experts of a hacking course mention, jackpotting refers to an attack variant that involves extracting all the cash from an ATM illegitimately. In this new attack variant known as “black box”, attackers connect their own devices to the machine, compromising the system completely.
In recent incidents, attackers focus on external systems and are destroying parts of the fascia to gain physical access to the inner compartments. The hackers then disconnect the USB cable between the CMD-V4 dispenser and the electronic device, or a special cable. This cable is connected to the attacker’s black box to send illegitimate commands.
According to the specialists of the hacking course, the black box contains individual parts of the software stack of the attacked ATM. Research suggests that scammers use an unencrypted hard drive with an offline attack.
Just a few days ago, a banking institution in Europe had to close more than 140 ATMs after suffering two consecutive attacks via jackpotting, although the extent of the total losses is ignored.
In response to the increase in these kinds of attacks, Diebold Nixdorf has issued a number of recommendations to contain these incidents:
- Implement protection mechanisms for modules that store cash
- Use the software stack with the latest security functionality
- Use the most secure settings for encrypted communications, including physical authentication
- Limit physical access to the ATM
- Control access to areas used by staff to service the ATM
For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies. For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.