News ATM maker Diebold Nixdorf has discovered a new form of attack in Eastern Europe


Reaction score
Diebold Nixdorf experts have warned of a new variation of the black box attacks on ATMs, which began to be used by attackers in Belgium.

Black box attacks are a form of jackpotting attacks in which cybercriminals literally force an ATM to spit out money.

Such an attack can be carried out using malware installed in an ATM, or using a black box. This term usually refers to a laptop or a device based on a single-board microcomputer, which is used to connect to the internal components of the ATM (for access to ports, wiring, etc. criminals usually disassemble the case or cut a hole in it). By connecting to the machine, the attackers simply give the ATM command to “release” cash from the cassettes in which they are stored.

Diebold Nixdorf writes that so far, new attacks are being used only against ProCash 2050xe ATMs, to which cybercriminals connect via USB ports. The company explains:
“During recent incidents, attackers have focused on street systems. They destroy parts of the bezel to gain physical access to the main compartment. They then disconnect the USB cable between the CMD-V4 dispenser and special electronics, or the cable between special electronics and the ATM computer. This cable connects to the black box of intruders to send cash withdrawal commands. ”
But this in itself did not attract the attention of specialists. The fact is that attackers usually use malware or their own code to interact with ATM components, but now the hackers seem to have got hold of a copy of the legitimate ATM software (firmware), which they installed on the black box and used to interact with the machines.

While the investigation of the incidents is still ongoing, but Diebold Nixdorf believes that hackers could connect to some ATM and find that its software was stored on an unencrypted hard drive. ZDNet

Editioncites its own sources in the banking sector and reports that the warning published by the manufacturer is directly related to the investigation of a number of jackpotting attacks that occurred in Belgium in June-July 2020. These attacks (two cases of strange jackpotting) forced the Belgian bank Argenta to suspend the operation of 143 ATMs. Moreover, local media wrote that only Diebold Nixdorf devices were attacked.

Telefonica's banking specialist, Manuel Pintag, told reporters that this method of hacking ATMs is not unique in general, although it had previously been encountered not in Europe but in Latin America.
Top Bottom