Researchers discovered a new track of ATM jackpotting attack through infamous ATM malware called “Cutlet Maker” which is now rapidly growing up around the world.
Cutlet Maker malware specially designed to spit the cash from an ATM machine without using a debit card and the malware initially attack ATM ‘s in Germany in 2017. In which attackers stole millions of dollars from various ATM centers.
The attack referred to as ATM jackpotting where attacker uses malware like Cutlet Maker or piece of hardware to trick the ATM by taking advantage of vulnerability or misconfiguration to ejecting the cash from an ATM.
GBHackers previously reported that the ATM malware like Cutlet Maker being advertising in the underground hacking forum to compromise the ATM machine by exploiting the vulnerabilities that reside in the ATM controller.
The price of the malware kit was 5000 USD at the time of research. It includes details such as the required equipment, targeted ATMs models, as well as tips and tricks for the malware’s operation. And part of a detailed manual for the toolkit was also provided.
We reported several ATM malware attacks in the last two years including KoffieMaker that used by cybercriminals to steal money from ATM by connecting a laptop with the ATM machine cash dispenser, ATMJackpot that steal the data related to the cash dispenser, PIN pad, and card reader information.
Since then the first Cutlet Maker ATM malware attack spotted, now hackers continuously targeting other countries including U.S., Latin America, and Southeast Asia and it target the specific bank and ATM manufacturers.
In another case, “Officials in Berlin said they had faced at least 36 jackpotting cases since spring 2018 and authorities have recorded 82 jackpotting attacks in Germany across different states in the past several years, resulting in several thousand Euro being stolen. They declined to name the specific malware used.”
According to Motherboard report “It’s important to remember ATM jackpotting is not limited to a single bank or ATM manufacturer, though. It is likely the other attacks impacted banks other than Santander; those are simply the attacks our investigation identified.”
ATM jackpotting attack is familiar for very old, slow machines and the machine that didn’t get the proper security updates are the sources familiar with ATM attacks.
According to European Payment Terminal Crime Report for first half of 2019 “ATM malware and logical attacks against ATMs were down 43% (from 61 to 35) and all bar one of the reported ‘jackpotting’ attacks are believed to have been unsuccessful in Europe. Malware was used for 3 of the attack attempts and the remainder were ‘black box’ attacks.”
But other sources familiar with ATM attacks said jackpotting attacks are increasing in worldwide in this year.
In order to execute a jackpotting attack, hackers need to access to the internal components of the ATM. So, preventing that first physical attack on the ATM goes a long way toward preventing the jackpotting attack.