• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

First ‘Jackpotting’ Attacks Hit U.S. ATMs

November 14, 2018 by Manogna Alahari 1 Comment

https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/

Jackpotting- Installing malicious software and/or hardware in an untheorized manner at the ATM machines which target the control of the dispense in order to Cash-Out the ATM.
Ability to connect a chord of ATM to a laptop and the press of a button to install malware and start controlling the ATM using the keyboard or an SMS message. ATMs of a particular manufacturer using Windows XP as OS on ATMs are prone to this attack, the manufacturer was recommended to upgrade the OS of ATMs to Windows 7.
I think there should not be an option to connect external machines with the ATM machine on site, even for repair, one needs to bring in a new machine replace with a new machine and only repair the machine at a centralized location.
If the above option is not feasible there should be an alert mechanism which alerts the nearest bank or police station when someone tries to connect an external device to the ATM at the site.

Filed Under: Week 12: Web Services Tagged With:

Reader Interactions

Comments

  1. Brock Donnelly says

    November 28, 2018 at 12:27 pm

    I agree the best option would be to eliminate field servicing but I don’t think it is financially feasible. Around 95% of all ATMs are running WIN XP and support for it is over. Now they will have to pay a subscription for service updates or upgrade the OSs. A cost is coming… BUT it still wouldn’t be as high as changing all their hardware.

    When Considering the total cost to have spare machines, enough for every market and their storage within a reasonable distance to that market, field servicing will be around for a while. An alert is a good idea. An alert might still be something that could be bypassed. Other then that I don’t have any better of a solution.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in