A bank teller in Freiburg, Germany, detected incredible behavior from his bank's ATM.
Santa's virus
A message on the control panel did not bode well: "Ho Ho Ho! Today we make the cutlets! ". The employee didn't immediately grasp the meaning of it (and neither do I), but hackers had infected the ATM with Cutlet Maker, a rather singular malware.
The first "jackpot" attack in history, and here is the result: the ATM starts throwing out all its money until it runs out of money. Let's face it, it's everyone's dream.
An investigation conducted by Motherboard, a column on the Vice website and by German broadcaster Bayerischer Rundfunk has revealed (comprehensibly) few details on the method. It is a fact, however, that attacks with Cutlet Maker are increasing everywhere, mainly targeting branches with dated or out-of-date software.
An investigation by the leading cybersecurity company, la Kaspersky, warns since May 2017 on the risk of the spread of this malware, even releasing this informative video.
Last spring 36 cases were recorded in Germany alone.
What I find among the various sources is that hackers usually install the malware through a physical access point of the same ATM.
Targets used to infect are USB ports or even (I'm very skeptical of this hypothesis) the headphone jack present on several doors. Even the software to "pierce" the ATM would be quite affordable, around 1000 euros.
It really seems like the Hollywood version of a hacker attack: an ATM that starts throwing away all its money is a scene that greatly affects the collective imagination. All the details of the news seem sensational to the point of making it seem fake.
Unfortunately, this is a rather realistic scenario, and the personnel involved in the investigation even managed to purchase a copy of the offending software.