Diebold Nixdorf has warned of a wave of jackpotting attacks against ATMs in a number of European countries, with the vast majority directed at ProCash 2050xe USB terminals.
Jackpotting attacks target ATMs to steal money from the machines. Other attacks use devices on ATMs to clone and steal credentials of regular customers, but jackpotting goes directly after the money. It’s a much more complex attack that requires knowledge of the ATM’s inner workings, and it’s much more challenging to pull off.
In these recent attacks, criminals destroy parts of the fascia to access the hardware and disconnect either the USB cable between the CMD-V4 dispenser and the special electronics or the cable between the special electronics and the ATM PC. They then connect their black box and send commands to the machine, making it dispense money.
The biggest problem with this method, aside from the theft, is that the attackers likely have access to the software stack, or at least some part of it, which they use in their black boxes.
“Some incidents indicate that the black box contains individual parts of the software stack of the attacked ATM,” says the company in the advisory. “The investigation into how these parts were obtained by the fraudster is ongoing. One possibility could be via an offline attack against an unencrypted hard disc.”
So far, it looks like most attacks affected the ProCash 2050xe USB ATM, which means that the criminals might have access to the software stack for that specific model. In any case, the company advises banks to update the software stack to the latest versions, use a secure configuration of encrypted communications, and get the latest firmware for their devices.
Since this is also a physical attack, terminal operators are advised to frequently inspect the ATMs and control access to areas used by personnel to service them.