The FBI warns of a wave of attacks that could empty ATMs within minutes

ATMs have once again been targeted by cybercriminals. According to an FBI warning, a classic technique that seemed extinct has resurfaced in recent months, with a number of physical attacks on ATMs in the United States. This technique, known as "slashing," allows attackers to force an ATM to dispense cash without requiring a card or bank account.

The procedure is relatively simple. Attackers gain access to the ATM's maintenance compartment (in some cases using public keys) and access the internal hard drive. Once inside, they install malware or replace the drive with a previously infected one.

After the terminal device is restarted, the malicious code runs automatically and takes control of the system.

The Ploutus malware is one of the most widely used tools, a program that was discovered years ago and remains effective thanks to its integration into the structure of many ATMs.

Instead of breaching bank networks or firewalls, this program exploits a layer known as eXtensions for Financial Services (XFS), which acts as an intermediary between the ATM's operating system and the bank's authentication servers. By sending commands directly to this layer, the malware bypasses legitimate controls and enables cash dispensing.

The FBI's figures are alarming. Of the nearly 1,900 incidents recorded since 2020, approximately 700 occurred in the last year alone, with losses exceeding $20 million.

This problem does not affect any specific brand, as most ATMs share a similar architecture, and many still operate on older systems that no longer receive security updates.

The FBI confirms that the threat combines physical and digital vulnerabilities. Recommended measures include disabling unused USB ports, monitoring suspicious executable files, replacing standard locks with keypads, and installing tamper-resistant alarms.
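One way to act on the recommendation to monitor suspicious executable files is to compare the executables on the terminal against a known-good baseline. The sketch below is an added example, not code from the FBI warning or from this article; the extension list and the file names in the constructed sample are assumptions.

```python
import hashlib
import os
import tempfile

# Assumption: extensions treated as executable content on the terminal's drive.
EXEC_EXTS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".ps1", ".vbs", ".msi"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map lower-cased relative path -> SHA-256 for every executable under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
                found[rel] = sha256_file(full)
    return found

def compare(baseline, current):
    """Return executables added, modified or removed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo():
    """Constructed sample: a fake software directory changed after baselining."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        for name, data in (("atm_app.exe", b"v1"), ("xfs_mgr.dll", b"v1")):
            with open(os.path.join(root, "app", name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)
        with open(os.path.join(root, "app", "xfs_mgr.dll"), "wb") as f:
            f.write(b"patched")          # existing file modified in place
        with open(os.path.join(root, "app", "Helper.EXE"), "wb") as f:
            f.write(b"new binary")       # executable that was not in the baseline
        os.remove(os.path.join(root, "app", "atm_app.exe"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline has to be stored and compared off the terminal, because anyone who can write to the drive can also rewrite a manifest kept on it.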

Although the warning focuses on the United States, this technique could spread to any country where there are ATMs with similar configurations, so caution is advised, and ATMs that appear to have been modified should be avoided.

