It seems like only yesterday that thieves were using skimmers to hijack cash from ATM. But the tactic wore thin as more and more ATM card users became aware of it and took measures to make sure they didn't become victims.
However, the crooks have stepped up their game, and ATM manufacturers are playing catch-up. For an overview, see Jackpotting, the hacking scheme where hackers make ATMs spit out cash like slot machines, is here. Here's an excerpt:
Small-scale jackpotting attacks were reported sporadically in many countries over the next few years, according to Reuters. They finally went big time in 2016.
A gang stole $13 million from Japanese ATMs in three hours that spring, Fortune wrote. In the summer, loose cash was spotted fluttering around dozens of First Commercial Bank ATMs in Taipei, Taiwan.
First Commercial subsequently froze withdrawals at more than 1,000 ATMs, according to the BBC. A police investigation revealed masked thieves had been waiting in front of the hacked machines and carried cash away by the bag load - more than $2 million across the country.
The Government Savings Bank in Thailand was hit with a similar attack the next month, the Wall Street Journal reported. As it warned of the potential for attacks in the U.S., the FBI said the jackpotters impersonated ATM vendor employees in phishing emails to gain security access.
The Diebold Nixdorf ATM machines appear to be the most vulnerable. At the dieboldnixdorf blog we find this: Not Just Ploutus: Protection Against ATM Malware Attacks. There we see malware names such as Ploutus Ripper, Alice, Tyupkin, Green Dispenser "and a whole range of others." They can't specify how the thieves get the malware into the machine, but they offer some recommendations. Specifically, limit access to the ATM, harden the software stack, keep up with what's going on with the hardware, software and the physical machines.
The modern day Bonnies and Clydes are out there somewhere writing malware.
------
3:03 PM 2/2/2018