Saturday, July 20, 2024

Jackpotting attacks on ATMs increase across country

The U.S. Secret Service is alerting financial institutions to an increase in ATM jackpotting attacks.

ATM jackpotting attacks can cause significant loss, and a new type has been seen lately. On June 3, between 2:30-3:30 a.m., suspects in a light blue Chevy Cruze with a temporary tag expiring Aug. 1, 2024, attempted to conduct malware-style jackpotting attacks on drive-up ATMs in Alex and Chickasha.

The attacks were on Diebold Opteva 7790 models. The suspects appeared to use a master key to access the machine. The hard drives on both ATMs were replaced (fortunately the hard drives they took were encrypted). The suspects were unable to successfully complete the attacks. Financial institutions with similar ATMs (especially those which may not have encryption enabled) should be aware of any suspicious activity or alerts at your ATMs.

The activity did not trigger any alarms.

In the event of a suspected attack: In the event of a confirmed attack: Helpful tips:
Do not touch any part of the machine without gloves on. Notify local law enforcement and the U.S. Secret Service Cyber Crimes Task Force. For any cameras facing the ATM, check camera positions and focus.
Review surveillance for times prior to the machine going out of service. Service technicians should be advised to download electronic journals from the machine prior to removing a hard drive. Ensure clear camera lenses for any camera facing the ATM.
If you can, balance the machine to determine any cash outage. Oklahoma Bankers Association members should notify so we can alert other members in the area. Ensure timestamps are present and correct.  Video cannot be used as admissible evidence if it doesn’t have timestamps.

In Oklahoma, any suspected skimming or jackpotting attack should be reported to the U.S. Secret Service Cyber Crimes Task Force at (405) 272-0630. Reference CrimeDex Alerts 353052 and 353051 at (a subscription-based nationwide alert system).