Jackpotting, an older ATM theft technique, could show security operations team members what to look out for when it comes to Internet of things (IoT) attacks in general, and even election machine vulnerabilities.
This technique first entered the U.S. cybersecurity lexicon in 2018, when Brian Krebs warned of attacks at American ATMs. Jackpotting, Krebs explains, is “a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand.”
The target was usually stand-alone ATMs, almost always from those manufactured by Diebold Nixdorf, an American multinational financial and retail technology company. Criminals needed physical access to the ATM. Then, they used a jackpotting malware called Ploutus.D and special electronics to take over the machines. When done right, jackpotting offered a very large and very fast payout, like a slot machine gone wild, but with paper money instead of quarters.
While jackpotting does happen in the United States, this type of cyber theft is more common in Europe and Asia where ATMs are less protected. Still, it is a complicated crime to commit, since the nature of the crime requires physical proximity to the machine to both set up the crime and grab the cash. Sure, the ready cash is the big draw, but even in places with minimal law enforcement, why do criminals make the effort?
It boils down to out-of-date operating systems on ATMs. It is not uncommon to find unsupported Windows OS on ATMs (or other internet-connected devices). Windows XP is still very popular in this area, even though it was retired in 2014. To remain ..
Support the originator by clicking the read the rest link below.
