What is ATM jackpotting?



Panda Security, Feb 23, 2026, 3 min read

ATM jackpotting involves fraudsters exploiting ATM vulnerabilities and deploying malicious code that tricks the ATM into dispensing cash without a legitimate transaction. The vulnerabilities the bad actors exploit can take various forms, both physical and software-related. Experts call it ATM jackpotting because the criminals' code tricks the ATM into dispensing all the money from its tray, like a slot machine jackpot.

Key takeaways

  • ATM jackpotting is a growing threat in the USA, resulting in tens of millions of dollars in losses every year.
  • Regular customers are not directly at financial risk when ATM jackpotting attacks occur.
  • Organized crime heavily orchestrates the attacks, and the FBI is actively fighting them.
  • The dominant method is malware installation that tricks the ATM into emptying the money trays.

How often is ATM jackpotting happening in the USA?

The FBI recently issued a security advisory stating that there has been a spike in malware-enabled ATM jackpotting incidents across the United States, resulting in tens of millions of dollars in losses last year alone. Criminals find ATM attacks lucrative because these machines often hold more than $100,000, especially right after they refill them.

Can regular people lose money because of ATM jackpotting?

Not really. Because ATM jackpotting makes the machine dispense all of its banknotes directly from the ATM's own cash trays, not from personal accounts, the banks take the direct financial hit. Customers suffer only the inconvenience of being unable to use the ATM after the attack until the owners refill it.

Who are the people behind the attacks?

It is currently unknown who the major actors are behind the increasing number of attacks. However, experts assume that overseas criminals orchestrate many of the attacks, and law enforcement has noticed that those who collect the ATM jackpots are often foreigners and mules. Investigators have linked members of the Venezuelan terrorist cartel Tren de Aragua (TdA) to these attacks.

How do criminals manage to execute the attacks?

Cybercriminals use four major methods: physical tampering, malware installation, direct hardware bypass, and command execution. The one that stands above the other three is malware installation, specifically variants of the Ploutus family. Newer, updated ATMs stand a better chance against the ever-evolving criminal tactics, while older, dated ATMs are the primary targets of such attacks.

Even though jackpotting is not a direct threat to ATM customers, ATMs remain attractive targets for criminals. Apart from fraudsters hanging around ATMs trying to physically steal cash or obtain a PIN code to commit fraud, ATMs are often tampered with using hidden cameras, skimming devices, and other technologies that aim to steal personal and banking information. Being on the lookout for any suspicious behavior is always advisable when withdrawing cash from an ATM.