Secret Service Issues ATM Attack Warning

Malicious malware forces machines to cough up large volumes of cash on demand

CHICAGO -- The U.S. Secret Service has reported jackpotting attacks against ATMs in the United States and has issued a warning to businesses to be alert for similar schemes on their machines.

Jackpotting is a form of theft in which the perpetrator infects an ATM with malware or connects the machine to specialized electronics to control the device, taking cash at will.

The hackers are reportedly targeting front-loading ATMs manufactured by North Canton, Ohio-based Diebold Nixdorf. Specifically, the thieves appear to be targeting the Opteva 500 and 700 series Diebold ATMs, according to online news source Krebs on Security. The thieves reportedly pose as ATM service technicians to gain access.

The weapon of choice for these attacks is a strain of jackpotting malware known as Ploutus.D. The Ploutus.D malware family was first discovered in Mexico in 2013, the first reported instance of criminals attaching an external keyboard to an ATM in order to empty it.

The U.S. Secret Service has released a public statement on the attacks. “Criminals have been able to find vulnerabilities in financial institutions that operate ATMs, primarily ATMs that are stand-alone,” it said. “The targeted stand-alone ATMs are routinely located in pharmacies, big-box retailers and drive-thru ATMs. Criminals range from individual suspects to large organized groups, from local criminals to international organized crime syndicates.”

The statement also reported that the Electronic Crimes Task Force is coordinating with the private sector and other law enforcement agencies to apprehend the criminals responsible. ATMs running on Windows XP are especially vulnerable, according to the statement, and should be upgraded to Windows 7 to help prevent against this type of attack.

A statement from Diebold Nixdorf includes tips for its customers who wish to take additional measures to protect their ATMs. Broadly, the suggestions are to limit physical access to the ATM, implement protection mechanisms for cash modules and take additional measures to track and manage the ATM’s security.

Want breaking news at your fingertips?

Get today’s need-to-know convenience industry intelligence. Sign up to receive texts from CSP on news and insights that matter to your brand.


More from our partners