As many banks have reduced branch networks, automated teller machines (ATMs) have become crucial components of the financial services infrastructure. However, because these machines operate unattended, they have also become more susceptible to hacking, exploitation, and physical breaches.
ATM “jackpotting” encompasses these issues. Criminals gain access to a machine’s cabinet—often using commonly available generic keys—then either inject malware into the existing system or replace the hard drive with an infected one. Once installed, the malware can compel the machine to dispense cash on command.
Although this technique isn’t new, the Federal Bureau of Investigation recently warned that incidents are increasing, citing more than 700 reported cases in the previous year, resulting in approximately $12 million in losses.
“The resurgence in ATM jackpotting in the U.S. underscores the maxim: ‘Everything old is new again,’” said Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “ATM jackpotting became popular back in the early 2000s when IBM discontinued OS/2, the operating system used by ATMs globally.”
“With that operating system’s retirement, ATMs transitioned to Windows,” she said. “This shift opened the door for attackers as vulnerabilities in the Windows OS could be easily exploited, either through network attacks or physical assaults that involved locally installing malware via a thumb drive. Like any connected device running common software, ATMs need regular scanning and software updates.”
On All Fronts
This fraud trend adds another layer of complexity for financial institutions already dealing with relentless attacks. Many schemes focus on account takeover or social engineering, pressuring customers to make payments or act as money mules.
Jackpotting underscores a parallel and troubling shift: criminals are leveraging advanced technology to directly attack banks’ systems. Sophisticated malware, similar in capability to tools used in ransomware attacks, can disrupt operations on a large scale.
Recent incidents illustrate the severity. An attack on payments provider BridgePay took systems down and left customers without service for weeks.
Pervasive Threats
These technological threats are amplifying the impact of fraud groups that were already significant.
“This latest report does not emphasize new techniques or tactics attackers are using in their recent ATM-jackpotting sprees, but I suspect that the same methods that proved successful more than 20 years ago continue to be effective—a socially engineered attack against an administrator with privileged access allows for machine or physical compromise,” Goldberg said.
“Vigilance based on a zero-trust model remains the best approach for organizations to secure their networks and all devices, including ATMs, connected to them,” she added.