google-site-verification: google30a059f9a075f398.html

First ATM “jackpot” Attacks Hit U.S. ATMs – Cash Robbery

CyberWisdom Safe Harbor Commentary on ATM “jackpot” highlights a surprising malicious new crime onATM machine called ATM “jackpot” – a sophisticated criminal act in which thieves install malware and/or hardware at ATMs and force machines to distribute large amounts of cash on request – have long been a threat to European and Asian banks but are based on Somehow it has escaped the U.S. ATM operator. But all this changed after the U.S. intelligence agency quietly began to warn financial institutions that the first apprize of the ATM “jackpot” attack on the cash machines in the United States is currently occurring.

In order to carry out the first attack, thieves must first obtain physical access to the ATM. From there they can use the malware or specialized electronics (usually a combination of the two) to control the ATM’s operation.

ATM “jackpot” on Keyboard connected to the ATM port. Image: FireEye

On January 21, 2018, KrebsOnSecurity began hearing rumors of a jackpot attack (also known as a “logical attack”) that touches US ATM operators. I quickly contacted ATM giant NCR to see if they heard anything. NCR said at the time that it had received unconfirmed reports but did not produce any results.

On January 26, NCR consulted with its clients saying it had received reports from U.S. agents and other sources about the number one attack on U.S. ATMs.

NCR warned: “While these issues are currently focused on non-NCR ATMs, logical attacks are a problem across the industry.” This was the first case of loss identified by the United States as a result of a logical attack. This should be seen as a call for action to take the appropriate steps to protect one’s ATM from these forms of attacks and mitigate any consequences.

The NCR Memorandum does not mention the type of ATM “jackpot” malware used for U.S. ATMs. However, sources close to the incident said the U.S. Secret Service warned that organized criminal groups attacked stand-alone ATMs in the United States using the “Ploutus.D” number one malware attack first discovered in 2013.

According to the source – who was asked for anonymity because he was not authorized to speak – the Secret Service has received credible news that criminal is launching a so-called “cashier” to attack pre-installed automated teller machines made by ATM vendors Diebold Nixdorf.

The source said the secret service warned that in the past 10 days, thieves appeared to be using a series of coordinated attacks on Ploutus.D malware targeting the Opteva 500 and 700 series Dielbold ATMs and there are indications that further attack all over the country.

Read Me…

ATM “jackpotting” — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States. Engaging post, Read More…

thumbnail courtesy of

If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post » First ATM “jackpot” Attacks Hit U.S. ATMs – Cash Robbery