The older machines — about half of them running Windows XP, which no longer receives security updates — are very vulnerable to "jackpotting" attacks where criminals trick the machines into paying out money without correctly debiting any account, to the tune of millions.
Brian Krebs interviewed a marketing director from NCR, whose machines were jackpotted in a string of attacks in Malaysia, who downplayed the XP angle, and insisted that all vendors' products were equally vulnerable.
Most of these attacks come down to two different ways of jackpotting the ATM. The first is what we call "black box" attacks, where some form of electronic device is hooked up to the ATM — basically bypassing the infrastructure in the processing of the ATM and sending an unauthorized cash dispense code to the ATM. That was the first wave of attacks we saw that started very slowly in 2012, went quiet for a while and then became active again in 2013.
The second type that we're now seeing more of is attacks that start with the introduction of malware into the machine, and that kind of attack is a little less technical to get on the older machines if protective mechanisms aren't in place.
Spike in Malware Attacks on Aging ATMs [Brian Krebs/Krebs on Security]