A week ago I reported to you that the Secret Service has just issued a warning to American banks about hackers being able to install malware inside ATMs enabling them to gain access to all of the money contained in the machines. This new technique is called “Jackpotting” and it has been used against banks in Europe and Asia for many years. The particular type of malware used is called Ploutus.D. An early version of this malware was used in Mexico in 2013. When the malware is activated, the ATM can be ordered to spit out money rapidly turning the ATM into a slot machine for the criminals. The attacks come in two phases with initial hackers posing as ATM maintenance technicians installing the malware and then in the second phase of the attack, criminals referred to as “mules” return to the ATMs at an opportune time to harvest the cash.
In my last posting on this subject I had warned that this crime would increase dramatically in the upcoming days and weeks ahead and, in fact, the Secret Service has now indicated that the first wave of Jackpotting has occurred in the United States with more than a million dollars stolen through hacked ATMs throughout the Pacific Northwest, the Gulf region and New England. More attacks are expected.
According to the Secret Service often the hackers target stand-alone ATMs in pharmacies, big box retailers and drive through ATMs. Making the problem worse is the fact that many ATMs still use outdated Windows XP operating system software. It was computers around the world using Windows XP that were attacked through a vulnerability exploited in the infamous WannaCry ransomware attack. The Secret Service has urged ATM makers to update their software to Windows 7 to avoid being vulnerable to this attack.
These attacks were first reported by security researcher Brian Krebs.
TIPS
For all of us as consumers, this problem will not affect our individual accounts, but poses a significant problem to banks around the country. ATMs made by Diebold Nixdorf seem to be particularly targeted by this specific malware. Meanwhile for all of us as ATM users the biggest personal threat remains ATMs that have been compromised by a skimmer.
To protect yourself from skimmers always look for signs of tampering on any ATM you use.  If the card inserting mechanism appears loose or in any other way tampered with, don’t use it.   Debit cards, when compromised through a skimmer, put you at risk of having the bank account tied to your card entirely emptied if you do not report the theft promptly and even if you report the theft immediately, you will lose access to your bank account while the matter is investigated by the bank.  Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture your PIN to enable the identity thief to access to your account. A FICO Card Alert Service report noted that 60% of skimmer attacks were done on private, non-bank ATMS so you may wish to avoid those ATMS when possible.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”