FBI says ATM ‘jackpotting’ attacks are on the rise, and netting hackers millions in stolen cash

In a striking reminder of the vulnerabilities in our financial infrastructure, ATM jackpotting has transitioned from a theoretical concern to a lucrative criminal enterprise. Just over a decade ago, renowned security researcher Barnaby Jack made headlines by hacking an ATM live on stage at the Black Hat security conference, showcasing the potential risks. Fast forward to 2025, and the FBI reports a staggering increase in these attacks, with more than 700 incidents resulting in at least $20 million in stolen cash. The FBI's latest security bulletin reveals that cybercriminals are employing a dual approach to execute these heists. They gain physical access to ATMs using generic keys to unlock front panels and access internal components, while also deploying sophisticated digital tactics. One of the most notorious pieces of malware, known as Ploutus, is particularly concerning. This malicious software targets the Windows operating system that powers many ATMs, giving hackers complete control over compromised machines. Ploutus enables attackers to manipulate ATMs to dispense cash without deducting funds from customer accounts, effectively circumventing standard security measures. By exploiting extensions for financial services, or XFS software, which facilitates communication between an ATM's hardware components, hackers can execute rapid cash withdrawals that often go undetected until it's too late. The FBI's bulletin warns that the speed and stealth of these operations make them especially difficult to track. Security researchers have identified vulnerabilities within XFS software that could allow criminals to exploit ATMs, leading to potential losses before adequate countermeasures can be implemented. As this trend continues to grow, the financial sector must remain vigilant against the evolving tactics of cybercriminals.