ATM makers issue alert after 'jackpotting' hacks target US cash machines

ATM "jackpotting" is a sophisticated hack in which thieves gain physical access to the machine and, with the help of malware or specialised electronics, force ATMs to spit out huge volumes of cash.

NCR Corp., a leading ATM manufacturer, said in a advisory sent to its customers that it had received reports about "jackpotting" attacks, also known as "logical attacks", against US ATMs, but its equipment had not been affected in the recent attacks, security news website KrebsOnSecurity reported.

"This represents the first confirmed cases of losses due to logical attacks in the US," read the NCR alert.

"This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack(s) and mitigate any consequences."

However, NCR did not identify any victims or the amount of money stolen, Xinhua reported on Monday.

Meanwhile, ATM maker Diebold Nixdorf said in a separate alert that they were informed by US authorities about potential "jackpotting" attacks moving from Mexico to the US within the next days.

A confidential US Secret Service alert sent to banks said the hackers have been attacking stand-alone cash machines routinely located in pharmacies, big box retailers and drive-thru ATMs.

"During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs' operating system along with a mobile device to the targeted ATM," said the confidential alert.

Cyber criminals remotely attacked cash machines in more than a dozen countries across Europe in 2016, media reported, citing statistics from Russian cyber security firm Group IB.

According to Kaspersky Lab, a Russian cyber security firm, outdated computer hardware and software are among the reasons for ATMs vulnerability to hacks.

"It is quite possible that no exceedingly 'hi-tech' efforts are needed" to hack an ATM, wrote the company in a blog post in 2016.

The vast majority of today's ATMs still use Windows XP operating system, whose developer Microsoft had dropped its support since early 2014, said the company.

To reduce the risk of attack on cash machines, Kaspersky Lab suggested measures including updating ATM's journaling file system and implementing authenticated dispensing and cryptographic protection.

Olga Kochetova, security expert at Kaspersky Lab's penetration testing department, noted that it is the long-time disbelief that cyber criminals are only interested in cyber attacks against Internet banking that causes banks and their customers huge financial losses.

"They are interested in these attacks, but also increasingly see the value in exploiting ATM vulnerabilities, because direct attacks against such devices significantly shortens their route to real money," she said in the blog post.