When Hitting The Jackpot Means…
You Lose!

A New Threat to ATM Machines Has Arrived to the U.S.

When we first heard about the term jackpotting, we thought “how exciting!” It felt like time to go to Vegas or somewhere else that had slot machines and card tables in order to claim our share of the big winnings.

But when the term jackpotting came directly from the Secret Service as a warning to U.S. banks—the domestic ATMs had been the target of jackpotting attacks—it made us think twice. What on earth was going on?

Thanks to Krebs on Security, we discovered the details about how this crime works, in which “thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand.” The cash on demand part sounds interesting, but for ATM owners, the malicious part does not.

Interesting fact about this is that hackers have used a doctor’s endoscope—a tool used in medicine to look inside the body—to connect to cash machines. A pretty innovative hack that crosses industry applications. A report by ABC News said that thieves often pose as technicians, even wearing a uniform in some cases.

It all started with Cutler Maker, and we’re not talking about making chicken for dinner. This is actually the name of the malware package that helps thieves retrieve money from ATMs. A Forbes magazine article about the attacks suggests the unusual name might derive from the Russian slang term ‘Cutlet’ that means a bundle of money, since jackpotting original was an international phenomena that did not seem to be affecting the U.S. until the recent warning from the Secret Service.

So you’re probably wondering, is my ATM at risk? Well, it never hurts to take precautions. Data is showing that stand-alone ATMs have been the most common target of jackpotting schemes, with multiple news outlets referencing ATMs located in “pharmacies, big box retailers, and drive-thru ATMs.” If your ATM is visible to the public, and easy to observe, it might pose less of a target.

ATMs running Windows XP are more vulnerable than others, so one simple way to lower your risk is to upgrade your ATM to a current operating system.

Krebs on Security offers these tips to prevent jackpotting such as:

  1. Control physical access to the ATM.
  2. Update to the latest firmware.
  3. Investigate suspicious activity.

As Benjamin Franklin would say “an ounce of prevention is worth a pound of cure.” So being aware of the jackpotting problem and some tips to minimize risk, is definitely a start in the right direction.