Automated Teller Machines in several Asian countries have been the target of large-scale organised hacks over the past few years. Attackers have used vulnerabilities present in these machines to steal varying, but significant, amounts of cash from several ATM networks in Thailand, Malaysia, Japan, Taiwan, and Bangladesh, among others. The latest of these attacks took place in Thailand, where 21 ATMs were targeted, resulting in a loss of more than THB 12 million (USD 350,000 or LKR 50 million). This attack also resulted in a significant portion (47%) of the ATMs of Thailand’s Government Savings Bank being shut down.
Investigations have revealed that these distributed attacks were carried out by installing a now-identified piece of malware on targeted ATMs using the EMV chips on bank cards. This malware disconnects the machine from the bank in such a way that the bank sees only that the machine is malfunctioning. The attackers are then able to withdraw all the cash available in the machine, bypassing authentication and hence not affecting bank accounts. This type of attack is called “Jackpotting”, as successful exploitation leads to all cash being ejected from the machine, akin to machines at casinos. Three major brands of ATM are known to be vulnerable to this type of attack, including NCR and Wincor Nixdorf. It has been reported that patches have been applied to ATMs since these attacks happened, and that the suspects, most of whom are foreign nationals, have been identified and/or apprehended. Banks and ATM service providers are urged to apply the latest patches to their network of ATMs to avoid such attacks.