Secret Service warning: Jackpotting ATM attacks reach the US

Attacks targeting ATMs, called “jackpotting,” which have been seen in Europe and Asia for some time, have now reached the US, according to a recent alert from the US Secret Service obtained by Brian Krebs.

One of Krebs’s sources reported that the Secret Service is warning about the appearance in the US of ATM malware known as Ploutus.D, which has been actively in use for ATM jackpotting since 2013.

The Secret Service alert also warns that ATMs running Windows XP are “particularly vulnerable” and advises updating them.

Yes, there are still ATMs running Windows XP.

And yes, people still need reminding that it’s time to update – even extended support for the stripped-down Windows XP Embedded ended more than two years ago.

How the attack works

Jackpotting attacks usually happen in two stages.

First, an attacker performs some basic reconnaissance to figure out a way in to the ATM – usually a model with a front-facing panel, as it’s easier for the attacker to access.

Next, the attacker connects a computer up to the ATM, and either swaps out the hard drive entirely or gains access to the ATM’s software and operating system.

In order to evade suspicion, the attacker may pose as an ATM technician so they can hook up the computer to the ATM out in the open.

Once connected to the machine, the attacker will deploy malware that puts the ATM under their control while appearing to be out of service.

In the second stage, which can happen at a later and less conspicuous time, attackers return to the compromised ATM and command it to quickly dispense all its cash – this usually happens within just a few minutes, according to the report by Krebs.

ATMs remain a tantalizing target

Jackpotting isn’t the only reason that cybercrooks might show up in the vicinity of your local ATM – there’s also card skimming and “casher crew” raids for financial institutions to worry about.

There’s a common thread running through these attacks: they’re not solo operations, as they usually have multiple criminals coordinating the various steps to hit the ATMs and get away with the cash as quickly as possible.

Right now it’s not clear how widespread the new jackpotting attacks are in the US, but it’s clearly something the Secret Service isn’t taking lightly.