ATM jackpotting is a cyberattack type where a hacker forces an ATM to dish out significant quantities of cash. It’s like hitting a jackpot on a slot machine.

Attackers can use various tactics to compromise the systems. First, they can obtain physical access to the ATM by disguising themselves as maintenance technicians and introducing malware through USB or niche electronic gadgets that link directly to the system.

Furthermore, they may attempt to intercept and manipulate the communication between the ATM’s computer and the cash vending machine through a man-in-the-middle attack.

History of ATM Jackpotting

Jackpotting assaults started in Asia and Europe around the 2000s, garnering immense popularity because of their daringness. Initial jackpotting needed a more in-depth understanding of ATM structures, but solutions like ‘Plotus’, developed in Mexico around 2013, made it simpler to hack ATMs.

Jackpotting arose in the United States between 2017 and 2018, prompting law enforcement agencies to issue alerts and advice to financial firms. In exchange, ATM developers and financial firms upgraded their security by introducing sophisticated hardware encryption and more secure software, updating physical security measures, and applying behaviour analytics to spot anomalous trends.

How Does ATM Jackpotting Work?

ATM jackpotting requires physical access to an ATM. The attacker will also need a rogue device (a wireless hardware attack tool), such as a portable computer, that can cause harm, steal data, and disrupt the system’s normal operation.

Upon gaining access to the ATM system, the attackers remove the hard drive and any present antivirus programs. This allows them to install their malware, substitute the hard drive, and reboot the ATM. The whole process usually takes less than a minute.

ATM Jackpotting Methods

Malware-based Jackpotting

In this type of jackpotting, the attacker inserts a malware-infected USB device into the ATM’s USB port. The malware makes the system dish out cash, which the attacker collects.

The ATM will operate normally with other users, even with the malware installed. It only starts to dispense excessive cash when the attacker activates the malware.

The malware-based cash dispensers do not display withdrawal transactions on bank accounts. ‘Ploutus.D’ is a popular jackpotting malware example with several modifications that enable it to function smoothly on multiple ATM vendors.

Black Box Attack

In this case, the rogue devices are known as black boxes. They mimic the ATM’s internal computers, connect to dispensers, and dish out money. The black boxes also plug into the network cables and obtain cardholder information.

Despite ATMs having a maximum withdrawal limit per client or transaction, black box attacks act as the host system, making the machine instantly dispense all its cash.

How to Prevent ATM Jackpotting

Tips for Customers

Tips for Banks