The company warned that cybercriminals are using a black box with proprietary code in attacks to illegally dispense cash across Europe.

Cybercriminals are using software from leading ATM manufacturer Diebold in a series of hacks against cash terminals across Europe, forcing the machines to dispense cash to crooks.

Criminals using a black-box device common in this type of attack have increased their activity across Europe by targeting Diebold’s ProCash 2050xe USB terminals, according to an Active Security Alert (PDF) released by Diebold Nixdorf last week.

The company believes that the device used in the attacks “contains parts of the software stack of the attacked ATM,” it said in its alert.

It is as yet unclear how attackers gained access to the internal software of the machines, according to Diebold. However, a previous offline attack against an unencrypted hard disc of the machine could be to blame, according to the alert.

So-called jackpotting attacks are those in which cybercriminals find a way to hack into an ATM and trigger it to release cash, much like a slot machine at a casino, hence the name.

There are a number of ways cybercriminals can target cash terminals with these attacks.

The recent attacks observed by Diebold are black-box dispenser attacks, with threat actors focusing on outdoor systems, destroying parts of their facades to gain physical access to the control panel of the machines.

To jackpot the machine, criminals unplug the USB cable between the terminal’s CMD-V4 dispenser and its electronic systems and connect it to the black box so they can “send illegitimate dispense commands.”


Diebold ATM Terminals Jackpotted Using Machine’s Own Software