The FBI has reported a sharp increase in ATM 'jackpotting' attacks, with cybercriminals stealing over $20 million in 2025 alone. These attacks, which involve malware forcing ATMs to dispense cash illicitly, have grown both in frequency and technical sophistication, posing a mounting threat to financial institutions worldwide.
Who should care: CISOs, SOC leads, threat intelligence analysts, fraud & risk leaders, identity & access management teams, and security operations teams.
What happened?
The FBI has issued a warning about a significant rise in ATM 'jackpotting' attacks, where cybercriminals deploy advanced malware to manipulate ATMs into dispensing large amounts of cash without authorization. In 2025 alone, over $20 million was stolen through these methods, reflecting a marked increase in both the scale and complexity of such incidents. Since 2020, approximately 1,900 cases have been reported, highlighting a persistent and growing threat within the financial sector’s cybersecurity environment. These attacks have evolved beyond simple exploits, with perpetrators employing sophisticated techniques to infiltrate ATM networks, bypass layered security controls, and execute their operations with precision and stealth. The malware used often exploits vulnerabilities in ATM software and hardware, enabling criminals to remotely control machines or manipulate transaction processes. This level of technical advancement makes detection and prevention increasingly challenging for security teams. Moreover, the geographical distribution of these attacks is widespread, affecting multiple regions and signaling a global risk to financial institutions and their customers. The FBI’s report underscores the urgent need for heightened vigilance and enhanced security measures to address this emerging threat vector, which threatens the integrity of cash dispensing infrastructure worldwide.
Why now?
This surge in ATM jackpotting attacks coincides with a broader escalation in cyber threats targeting financial systems globally. Over the past 18 months, cybercriminals have leveraged advances in malware technology alongside the growing influence of organized cybercrime groups to increase the scale and sophistication of their attacks. The financial sector remains a prime target due to the direct monetary gains these attacks can yield. Additionally, the ongoing shift toward digital and cashless transactions, while improving convenience, has introduced new vulnerabilities within ATM networks and associated infrastructure. As institutions adapt to these changes, attackers are exploiting gaps in security protocols and outdated systems, making this an opportune moment for cybercriminals to intensify their efforts.
So what?
The rise in ATM jackpotting attacks carries significant implications for both strategic planning and day-to-day cybersecurity operations within financial organizations. Strategically, it demands an urgent reassessment of security frameworks to incorporate advanced threat intelligence and incident response capabilities tailored to counter these evolving threats. Institutions must prioritize the protection of ATM networks as critical assets vulnerable to targeted attacks. On an operational level, organizations need to enhance monitoring and detection mechanisms to identify suspicious activities early and respond effectively. This includes integrating cutting-edge threat detection technologies and conducting frequent vulnerability assessments to uncover and remediate weaknesses before they can be exploited.
What this means for you:
- For CISOs: Prioritize strengthening ATM network security by conducting regular vulnerability assessments and ensuring patch management is up to date.
- For SOC leads: Deploy advanced monitoring tools capable of detecting anomalous ATM activity and enable rapid incident response protocols.
- For fraud & risk leaders: Develop comprehensive risk management strategies that specifically address ATM jackpotting scenarios and incorporate them into broader fraud prevention frameworks.
Quick Hits
- Impact / Risk: The financial sector faces heightened risks of substantial monetary losses due to the increasing frequency and sophistication of ATM jackpotting attacks.
- Operational Implication: Financial institutions must upgrade cybersecurity frameworks to effectively counter these advanced, malware-driven threats.
- Action This Week: Review and update ATM security protocols, conduct a security briefing on emerging threat vectors, and initiate a comprehensive security audit of ATM networks.
Sources
- FBI: Over $20 million stolen in surge of ATM malware attacks in 2025
- Chip Testing Giant Advantest Hit by Ransomware
- Ukrainian gets 5 years for helping North Koreans infiltrate US firms
- FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
- PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
This article was produced by Cyber Security AI Guru's AI-assisted editorial team. Reviewed for clarity and factual alignment.