In previous attacks, the thieves disguised themselves as technicians to avoid drawing attention. After that, they hooked up a laptop with a mirror image of the ATM's operating system and malware (Diebold also mentioned replacing the hard drive outright). Security researcher Brian Krebs understands American ATMs have been hit with Ploutus.D, a variant of "jackpotting" malware that first launched in 2013. The mirror image needs to be paired with the ATM to work, but that's not as difficult as you might think -- the intruders used endoscopes to find and press the necessary reset button inside the machine. Once done, they attached keyboards and used activation codes to clean out ATMs within a matter of minutes.
NCR hasn't been explicitly targeted in these attacks, but it warned that this was an "industry-wide issue" and urged caution from companies using its ATMs.
It's definitely possible to thwart attacks like this. The Secret Service warned that ATMs still using Windows XP were particularly easy targets, and that updating to Windows 7 (let alone Windows 10) would protect against these specific attacks. Diebold also recommended updating to newer firmware and using the most secure configurations possible. And both organizations recommended physical security changes, such as using rear-loading ATMs, locking down physical access and closely watching for suspicious activity like opening the machine's top.
The catch, of course, is that ATM operators either haven't been diligent or may have a hard time justifying the updates. It's telling that victim machines have been running XP, a 16-year-old platform whose official support ended in 2014 -- the odds aren't high that companies will keep their ATMs up to date, let alone replace them with more secure models or institute advanced defenses. You may not see a widespread attempt to combat jackpotting in the US until the problem becomes too large to ignore.