Researchers were able to track down a new ATM jackpotting attack which is said to have been performed through infamous ATM malware called “Cutlet Maker. A joint investigation revealed that “jackpotting” attacks on ATMs were prevalent in Germany in 2017 and thieves had managed to make off with more than a million Euros. Jackpotting is a technique where cybercriminals use malware or a piece of hardware to trick an ATM into ejecting all of its cash without the use of a stolen credit card. Hackers typically install the malware onto an ATM by physically opening a panel on the machine to reveal a USB port.
During an ATM jackpotting, the malware of the connected hardware tricks the ATM by taking advantage of vulnerability or misconfiguration to ejecting the cash from an ATM.
Since then the first Cutlet Maker ATM malware attack spotted, now hackers continuously targeting other countries including U.S., Latin America, and Southeast Asia and it target the specific bank and ATM manufacturers
A SCREENSHOT OF THE CUTLET MAKER CONTROL PANEL. IMAGE: TWITTER ACCOUNT OF @CRYPTOINSANE
ATM jackpotting attack is familiar for very old, slow machines and the machine that didn’t get the proper security updates are the sources familiar with ATM attacks.
“In order to execute a jackpotting attack, you have to have access to the internal components of the ATM. So, preventing that first physical attack on the ATM goes a long way toward preventing the jackpotting attack,” David N. Tente, executive director of USA, Canada & Americas at the ATM Industry Association (ATMIA), said in an email.