Jackpotting attacks, which are hacks that make ATMs spew money, are becoming increasingly common around the world.
Hackers equipped with black market software are targeting cash machines with dated software and substandard security and walking away with millions over the course of a series of attacks, according to a collaborative investigation by Motherboard and German newsroom Bayerischer Rundfunk. Though law enforcement agencies are tightlipped about the trend, it’s a sign that banks may be surprisingly vulnerable to cybercrime.
Previous reports claimed that jackpotting attacks have decreased since some high-profile 2017 attacks in Germany, but the new investigation reveals that the opposite is true.
“Globally, our 2019 survey indicates that jackpotting attacks are increasing,” David Tente, of the ATM Industry Association, told Motherboard.
Other sources, granted anonymity by Motherboard, described the same trend: “There are attacks happening, but a lot of the time it’s not publicized,” said one.
The German attacks and others throughout Europe seem to be carried out with Russian software called Cutlet Maker, which Motherboard reports can be bought for $1,000. In the U.S., a program called Ploutus.D is more popular.
Both programs can be installed into ATMs through a USB or other physical access point — though the hackers usually need to break into the ATM’s hardware to access it.
“The bad guys are selling these developments [malware] to just anybody,” David Sancho, a jackpotting expert at the cybersecurity firm Trend Micro, told Motherboard. “Potentially this can affect any country in the world.”
READ MORE: Malware That Spits Cash Out of ATMs Has Spread Across the World [Motherboard]
More on ATMs: Who the Hell Is Using the World’s 5,000 Crypto ATMs?