https://arstechnica.com/information-technology/2020/07/crooks-are-using-a-new-way-to-jackpot-atms-made-by-diebold/
By Dan Goodin
Ars Technica
July 20, 2020
Diebold Nixdorf, which made $3.3 billion from ATM sales and service last year,
is warning stores, banks, and other customers of a new hardware-based form of
“jackpotting,” the industry term for attacks that thieves use to quickly empty
ATMs.
The new variation uses a device that runs parts of the company’s proprietary
software stack. Attackers then connect the device to the ATM internals and
issue commands. Successful attacks can result in a stream of cash, sometimes
dispensed as fast as 40 bills every 23 seconds. The devices are attached either
by gaining access to a key that unlocks the ATM chassis or by drilling holes or
otherwise breaking the physical locks to gain access to the machine internals.
In previous jackpotting attacks, the attached devices, known in the industry as
black boxes, usually invoked programming interfaces contained in the ATM
operating system to funnel commands that ultimately reached the hardware
component that dispenses cash. More recently, Diebold Nixdorf has observed a
spate of black box attacks that incorporated parts of the company’s proprietary
software.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/
