(Reuters) – ATM maker Diebold Nixdorf Inc warned banks that hackers may be targeting U.S. cash machines with tools that force them to spit out cash, the latest development to highlight the increasing threat hackers pose to financial firms.
The company said on Friday that U.S. authorities had warned it that so-called “jackpotting” attacks could move from Mexico to the United States within the next few days.
If any attacks are confirmed in the United States, they would be first cases of “jackpotting” in the country, according to security news website Krebs on Security, which reported on the attacks earlier on Saturday.
Diebold Nixdorf spokesman Mike Jacobsen confirmed the Krebs report that his company had issued the warning, but declined to say how many banks in Mexico and the United States had been targeted or comment on the size of any losses.
ATM “jackpotting” has been on the rise in recent years, though it is unclear how much money has been stolen because banks and law enforcement agencies often keep such details secret.
A confidential U.S. Secret Service alert sent to banks said that the hackers targeted stand-alone ATMs typically located in pharmacies, big box retailers and drive-thru ATMs, Krebs on Security reported.
“During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM,” Krebs cited the Secret Service as saying.
Reuters was unable to obtain a copy of the Secret Service report and an agency representative declined comment. Officials with the Federal Bureau of Investigation could not immediately be reached.
Russian cyber security firm Group IB has reported that cyber criminals remotely attacked cash machines in more than a dozen countries across Europe in 2016 using malicious software that forces machines to spit out cash. Similar attacks were also reported that year in Thailand and Taiwan.
Diebold Nixdorf’s alert said that the hackers were targeting a model in its line of ATMs, known as the Opteva, which the company stopped making several years ago but is still used by some banks.
The company believes that the same approach would not work on other models, Jacobsen said.
The alert described steps that banks can take to prevent against such attacks.
Reporting by Jim Finkle in Toronto; Additional reporting by Dustin Volz in Washington; Editing by Susan Thomas