04 Mar 2026
Renewed wave of ATM “jackpotting” attacks
Banks are facing a renewed wave of ATM “jackpotting” incidents in which attackers install malware to force machines to dispense cash without legitimate user interaction or bank authorisation.
These attacks often begin with physical access to maintenance panels and the use of malicious software to override the normal transaction controls, exploiting vulnerabilities such as the absence of disk encryption and the lack of TLS encryption during data transmission. Such incident underlines an evolving threat landscape targeting ATMs and underscores the importance of strong device security, encryption and continuous monitoring. Successful logical attacks continue to occur where gaps in the security posture remain.
Why gaps exist?
- Complacency in security practices.
- Conscious decisions to forgo implementing available solutions.
- Misconceptions that certain solutions provide greater protection than they actually deliver.
- Deployment of only partial protections instead of comprehensive security measures.
How to close the gap?
- Stay informed about attack types and emerging trends.
- Implement a comprehensive suite of security protections.
- Keep protections up to date and properly configured.
As part of an effective defence strategy, BIRGER. recommends banks to:
- reinforce physical and digital safeguards to limit opportunities for unauthorised access, including the implementation of:
- communications encryption through TLS 1.2 with certificate pinning
- disk encryption solution to protect sensitive data and device integrity.
- conduct regular security audits and device assessments to identify and remediate vulnerabilities.
- monitor ATM systems for abnormal or suspicious behaviour to detect potential compromise early.
- adopt proactive security strategies and layered protection measures that address both physical and logical threats.
- align security practices with recognised industry standards to maintain robust and compliant security frameworks.
These measures will help mitigating risks associated with malware-based attacks and enhance Operational Resiliency. A proactive and risk-informed approach remains essential to safeguarding customer assets and maintaining trust in ATMs.
For more information on this topic and our Technology Solutions & Services, please contact us by mail at technology@birger.technology.
Regards,
BIRGER.
