Diebold Nixdorf and NCR sent out an alert to their customers over the weekend, but did not identify victims or specify how much money had been stolen. The US Secret Service started warning financial institutions that jackpotting was now a risk in the US last week, having started in Mexico last year, according to a confidential alert seen by Krebs on Security.
Diebold Nixdorf said that authorities had warned the company that hackers were targeting its Opteva ATM model, which went out of production several years ago.
NCR said: “This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack.”
Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details. Hackers require physical access to the cash machine using specialized electronics and malware to take control, including an endoscope.
Once taken over, the machines can be forced to dispense money at a rate of 40 notes every 23 seconds until it is empty, according to the Secret Service. The only way to stop the machine spitting out cash is to press the cancel button on the keypad.
Criminals have been targeting cash machines in pharmacies, retailers and drive-through ATMs, according to the Secret Service.
Attackers in Mexico have been using variants of the Ploutus malware, first spotted in 2013, according to security firm FireEye. It is believed that US cybercriminals are using similar techniques.
“Once deployed to an ATM, Ploutus-D makes it possible for a money mule to obtain thousands of dollars in minutes,”…