FS-ISAC Statement on ATM Jackpotting

Recent reports of ATM jackpotting do not impact consumer accounts. Most consumers are protected by their banks from fraudulent activity. As part of cyberhygiene best practices, we recommend consumers check their e-statement every month and immediately report any suspicious activity to their bank(s). 

ATM “jackpotting” is something the financial sector takes seriously. It does not appear widespread in the US at this time. As with all other cyberthreats, FS-ISAC rapidly shares information about exploits and attacks so that financial institutions can quickly defend themselves. FS-ISAC tracks millions of threat indicators, and information sharing remains one of the most effective ways to combat cybercrime. Some of the known exploits may be used in ATM cyber-attacks but are not exclusive to ATM attacks.

The ATMs most often targeted are standalone ATMs or exposed ATMs, such as those at a drive-thru or an outdoor location. Typically, these types of attacks require physical access to ATMs. ATM attacks usually involve criminals bypassing several layers of defenses and exploiting known vulnerabilities on ATMs with older operating systems that may not have been patched or updated. ATMs and systems have multiple defenses, both physical and cyber. Financial institutions are constantly reviewing and improving layered security in response to changes in the evolving threat landscape. Manufacturers have security teams that monitor the evolving risks to ATMs, providing software patches and other security recommendations to their customers (ATM operators). While many ATMs are patched regularly, it may take more time and effort to patch remote ATM installations. In addition to updating the ATM operating system, some ATM manufacturers also recommend updating to newer firmware and using the most secure configuration possible.

For additional information, please contact communications@fsisac.com.