In this attack, a black box device, such as a mobile device or a Raspberry, is physically connected to the ATM and is used by the attackers to send commands to the machine.
The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs.
This week, Diebold Nixdorf, a leading manufacturer of ATM machines, has issued an alert to customers warning all banks of a new variant of ATM black box or jackpotting attacks.
The alert was issued after the Agenta Bank in Belgium was forced to shut down 143 ATMs after a jackpotting attack.
All the compromised machines were Diebold Nixdorf ProCash 2050xe devices. This is the first time that Belgian authorities observe this criminal practice in the country.
According to a security alert issued by Diebold Nixdorf, and obtained by ZDNet, the new variation of black box attacks has been used in certain countries across Europe.
“In the recent incidents, attackers are focusing on outdoor systems and are destroying parts of the fascia in order to gain physical access to the head compartment.” reads the alert issued by the vendor. “Next, the USB cable between the CMD-V4 dispenser and the special electronics, or the cable between special electronics and the ATM PC, was unplugged. This cable is connected to the black box of the attacker in order to send illegitimate dispense commands. Some incidents indicate that the black box contains individual parts of the software stack of the attacked ATM.”
The experts are still investigating how these portions of the stack code were obtained by the crooks, they speculated that attackers could have had offline access to an unencrypted hard disc.
The alert includes recommendations for countermeasures, such as:
(SecurityAffairs – hacking, black box)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.