I have been warning you about security issues with ATMs for many years, primarily related to “skimmers” which are devices installed by criminals on ATMs that read your card and use that information to ultimately steal from your bank account, however on a larger scale, the Secret Service has just issued a warning to American banks about hackers being able to install malware inside ATMs enabling them to gain access to all of the money contained in the machines. This new technique is called “Jackpotting” and it has been used against banks in Europe and Asia for many years. The particular type of malware used is called Ploutus.D. An early version of this malware was used in Mexico in 2013. When the malware is activated, the ATM can be ordered to spit out money rapidly turning the ATM into a slot machine for the criminals. The attacks come in two phases with initial hackers posing as ATM maintenance technicians installing the malware and then in the second phase of the attack, criminals referred to as “mules” return to the ATMs at an opportune time to harvest the cash.
These attacks are predicted to increase dramatically in the upcoming days and weeks ahead. Making the problem worse is the fact that many ATMs still use outdated Windows XP operating system software. It was computers around the world using Windows XP that were attacked through a vulnerability exploited in the infamous WannaCry ransomware attack. The Secret Service has urged ATM makers to update their software to Windows 7 to avoid being vulnerable to this attack.
These attacks were first reported by security researcher Brian Krebs.
TIPS
For all of us as consumers, this problem will not affect our individual accounts, but poses a significant problem to banks around the country. ATMs made by Diebold Nixdorf seem to be particularly targeted by this specific malware. Meanwhile for all of us as ATM users the biggest personal threat remains ATMs that have been compromised by a skimmer.
To protect yourself from skimmers always look for signs of tampering on any ATM you use.  If the card inserting mechanism appears loose or in any other way tampered with, don’t use it.   Debit cards, when compromised through a skimmer, put you at risk of having the bank account tied to your card entirely emptied if you do not report the theft promptly and even if you report the theft immediately, you will lose access to your bank account while the matter is investigated by the bank.  Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture your PIN to enable the identity thief to access to your account. A FICO Card Alert Service report noted that 60% of skimmer attacks were done on private, non-bank ATMS so you may wish to avoid those ATMS when possible.