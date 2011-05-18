Imagine winning the lottery and having an ATM spit huge amounts of cash at you. That's exactly what some cyber criminals are after. They're targeting ATMs and launching "jackpotting" attacks, forcing them to dispense bills like a winning slot machine. Already this year, the U.S. Secret service has warned financial institutions of such attacks.

Security researcher Barnaby Jack demonstrated such an attack and amazed attendees at Black Hat when he made two unpatched ATMs spit out cash on stage. For the most part, however, jackpotting was little more than a hypothetical until recently.

Now, with confirmed strains of malware like Ploutus.D being used in ATM jackpotting attacks on U.S. soil, jackpotting can be added to the growing list of popular ATM attack types, including skimming, shimming and network-based attacks. Here we examine various ATM attack techniques and offer security recommendations to protect against them.