According to a new report from ATM manufacturer Diebold Nixdorf, there is a campaign of jackpotting focused on European ATMs. Jackpotting is an attack where criminals force an ATM to dispense money illegitimately, usually by manipulating the software in the machine. In this case, Diebold Nixdorf states the following about the jackpotting attacks its ATMs are facing:
In the recent incidents, attackers are focusing on outdoor systems and are destroying parts of the fascia in order to gain physical access to the head compartment. Next, the USB cable between the CMD-V4 dispenser and the special electronics, or the cable between special electronics and the ATM PC,was unplugged.
This cable is connected to the black box of the attacker in order to send illegitimate dispense commands. Some incidents indicate that the black box contains individual parts of the software stack of the attacked ATM. The investigation into how these parts were obtained by the fraudster is ongoing. One possibility could be via an offline attack against an unencrypted hard disc.
Diebold Nixdorf’s security alert gives recommendations on how to counteract the jackpotting attacks. The first line of defense is making sure that the software stack is as secure as possible. This means implementing the software stack with the most recent security functionality, utilizing hard disk encryption to stop tampering, and introducing IDS (Intrusion Detection Systems) to recognize unauthorized access. Diebold Nixdorf also recommends that physical access be restricted. This means securing any areas used by service personnel, and additionally, utilizing multifactor authentication for any access control protocols used by technicians.
Diebold Nixdorf says the hackers have not stolen personal data such as card numbers in this jackpotting campaign. Customers of the company are encouraged to get into contact with their local Diebold Nixdorf security expert to answer any more questions.
Featured image: Diebold Nixdorf