In a press release, Europol announced the arrest of two Belarusian citizens identified as the main responsible for a jackpotting campaign at ATMs in Europe, which allowed them to steal around 230 thousand Euros. These cybercriminals gained access to ATM cables by drilling small holes in them to connect directly to the attacking machine in an unusual combination of physical and digital compromise.
The investigation was coordinated by the European Union authority and the Joint Cybercrime Action Taskforce (J-CAT) group, which detected that these criminals used this “blackbox attack” in at least seven countries in Europe.
European authorities say threat actors are only attacking only a specific ATM model, although neither the manufacturer’s name nor the model name was revealed. The accused were indicted in Poland in mid-July thanks to cooperation with the authorities of Germany, Austria, Slovakia, the Czech Republic and Switzerland.
This incident is a sign that threat actors have extensive capabilities to compromise these devices. A previous report by security firm Malwarebytes claims that ATM devices are highly vulnerable to physical attacks and many of these machines operate with outdated systems such as Windows XP and do not have peripheral device verification mechanisms.
ATM security flaws have been a recurring theme at security conventions since hacker Barnaby Jack managed to demonstrate a jackpotting attack at the 2010 Black Hat USA. In the most recent edition of this convention, specialist Kevin Perlow presented his findings on the malware variants INJX_Pure and FASTCash, which allow the compromise of these machines and have facilitated the theft of millions of dollars around the world.
One of the latest ATM hacking campaigns involved the use of contactless technology for extracting sensitive information from payment cards, which involves an all too easy way to steal financial information.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.