The US Secret Service is warning that ATM jackpotting has finally hit American shores, with crooks using a known malware strain to cash out older Diebold units.
According to security blogger Brian Krebs, the Secret Service began warning financial institutions last week that stand-alone ATMs in places like pharmacies and big box retailers have been targeted in recent days.
The crooks seem to be using a strain of malware called Ploutus.D to hit Diebold Opteva 500 and 700 series ATMs, says Krebs, citing a source. In a security alert, Diebold says that the attacks appear to be similar to a spate that hit Mexico last year.
The Secret Service says that the criminals - masquerading as ATM service technicicans - use endoscope medical devices to look inside cash machines and find the spot where they can attach a cord to link a laptop to the ATM's computer. They then install malware and force the ATM to spit out its cash.
Diebold recommends that operators controll access to areas used by personnel to service the ATM and implement two-factor access control mechanisms for service technicians.
This is thought to be the first time that jackpotting has been carried out on US soil but the technique has long been deployed in other parts of the world. Europe saw a surge in the number of ATM black box attacks - where devices are attached to machines and command cash outs - in the first half of 2017.
There were 114 across 11 countries over the six months, more than 300% up on the 28 seen in H1 2016, according to the European Association for Secure Transactions (East), which estimates related losses of EUR1.5 million.