Hackers Jackpot Diebold ATMs
Hackers are using a black box with proprietary code to steal cash from ATMs across Europe. In a series of jackpotting attacks, they are using software from ATM manufacturer Diebold to force the machines to dispense cash. The hackers using the black-box device are targeting Diebold's ProCash 2050xe USB terminals. Diebold thinks that the device used in the attacks contains parts of the software stack of the ATM. It's not clear how hackers gained access to the internal software of the machines. However, a previous offline attack against an unencrypted hard disk of the machine could be how hackers accessed the software.
Jackpotting attacks are attacks in which hackers find a way into an ATM and trigger it to release cash like a slot machine at a casino. The recent attacks observed by Diebold are black-box dispenser attacks, where hackers target outdoor systems, destroying parts of their cover to gain physical access to the control panel of the machines.
To jackpot the machine, hackers unplug the USB cable that connects the CMD-V4 dispenser and connect it to the black box so they can send fake dispense commands. There are several other ways that hackers can jackpot cash machines, including another black-box technique that plugs into network cables on the exterior of an ATM to record cardholder information. In this way, hackers can change authorized withdrawal amounts from the host, or masquerade as the host system to make the machine spit out large amounts of cash.
Another type of attack is through phishing emails sent to network administrators at the financial institution that owns the machine. The emails attempt to install malware that can later use administrative software providing remote access to ATMs to install malware on terminals, which hackers then use to jackpot them.
Diebold is one of the top players in the ATM market, earning $3.3 billion in sales last year from its ATM business, which includes both selling and servicing machines around the world. To mitigate attacks, Diebold suggests implementing the latest protection on the machines by using only software updated with current security functionality and ensuring encryption is active on the terminal.
At this time, it does not appear that hackers in the current wave of Diebold attacks are accessing cardholder information. The company also advised customers to implement hard-disk encryption mechanisms to protect the terminal from software modification and offline attacks, and to limit physical access to the machine so that attackers cannot get in by destroying the machine facade, as occurred in the current spate of jackpotting attacks.