Renewed wave of ATM “jackpotting” attacks

04 Mar 2026

Renewed wave of ATM “jackpotting” attacks

Banks are facing a renewed wave of ATM “jackpotting” incidents in which attackers install malware to force machines to dispense cash without legitimate user interaction or bank authorisation. 

These attacks often begin with physical access to maintenance panels and the use of malicious software to override the normal transaction controls, exploiting vulnerabilities such as the absence of disk encryption and the lack of TLS encryption during data transmission. Such incident underlines an evolving threat landscape targeting ATMs and underscores the importance of strong device security, encryption and continuous monitoring. Successful logical attacks continue to occur where gaps in the security posture remain.

Why gaps exist?

  • Complacency in security practices.
  • Conscious decisions to forgo implementing available solutions.
  • Misconceptions that certain solutions provide greater protection than they actually deliver.
  • Deployment of only partial protections instead of comprehensive security measures.

How to close the gap?

  • Stay informed about attack types and emerging trends.
  • Implement a comprehensive suite of security protections.
  • Keep protections up to date and properly configured.

As part of an effective defence strategy, BIRGER. recommends banks to:

  • reinforce physical and digital safeguards to limit opportunities for unauthorised access, including the implementation of:
    • communications encryption through TLS 1.2 with certificate pinning 
    • disk encryption solution to protect sensitive data and device integrity.
  • conduct regular security audits and device assessments to identify and remediate vulnerabilities.
  • monitor ATM systems for abnormal or suspicious behaviour to detect potential compromise early.
  • adopt proactive security strategies and layered protection measures that address both physical and logical threats.
  • align security practices with recognised industry standards to maintain robust and compliant security frameworks.

These measures will help mitigating risks associated with malware-based attacks and enhance Operational Resiliency. A proactive and risk-informed approach remains essential to safeguarding customer assets and maintaining trust in ATMs.

For more information on this topic and our Technology Solutions & Services, please contact us by mail at technology@birger.technology.

Regards,
 

BIRGER.

You may also like

13 Jun 2025

BIRGER. NCR Services Partner of the Year for MEA

BIRGER. has been awarded NCR’s Services Partner of the Year for the Middle East & Africa Region for its outstanding achievements in services.

Read More

12 May 2021

BIRGER. Cyber Security Survey 2020

Covid-19 has created a new reality and we do not expect to go back to the previous one. Organisations have had to adapt their operating model to ensure the continuity of their operations.

Read More

23 Apr 2019

An organisation without a plan B is not fully resilient

ContinuityMauritius specialises in Business Continuity Management (BCM) and Organisational Resilience.

Read More