If there was ever a better time for financial institutions to raise the bar on network security, it is now. Cyber criminals, who are always working behind the scenes to refine their skills, appear to have found a way to orchestrate ATM malware attacks and steal millions remotely.
Initially, hackers needed to access ATMs before they could compromise them physically. Common ATM attacks involved gluing skimmers to harvest card information of unsuspecting users or installing malware using removable drives. However, having to visit ATMs to execute their plans physically meant hackers had to target ATMs in remote locations or unsecured spots for their security. Moreover, they risked leaving their fingerprints behind and a security footage that could be used to track them down by the authorities.
A shift to Network-Based Attacks
Although physical ATM malware attacks are still frequent, especially in ATMs whose system update is not done on time to install crucial security features required to fix system vulnerabilities, cybercriminals are shifting the landscape to network-based attacks for the reasons highlighted above.
According to two firms in the cybersecurity industry (Trend Micro and Europol’s European Cybercrime Center) which joined forces to study the evolving terrain of ATM malware, this emerging threat requires no physical interaction with an ATM. Hackers target a bank’s network. Unlike physical attacks which necessitate privacy (either at night when no one is around or in less frequented ATMs), network-based attacks are remotely executed at any time, and any ATM within the compromised network can be a target.
Hackers have made away with millions in several network-based ATM malware heists
Textbook examples of network-based ATM malware heists were successfully executed in Taiwan and Thailand in 2016 by what was suspected to be the same cybercrime syndicate from Eastern Europe using the Ripper virus. In the Taiwanese heist, $2.8 million was stolen from 22 branches of the First Commerce Bank. In Thailand, 22 ATMs were targeted and the hackers made away with 12.29 million Baht (about $346,000). Investigations into the Thai heist revealed that the number of ATMs vulnerable to the virus was 10,000.Moreover, several Europe countries went on to experience similar ATM heists later in the year.
Bank employees are considered the weakest link in a bank security system
To execute their plans, hackers do not try to infiltrate the often sophisticated network of a banking system directly. They are aware of the complexity involved and the risk of exposing their identity online. That is why they sent phishing emails to bank employees who, to them, represent the weakest link in a bank security system. These emails contain malicious executables that they use to capture an employee’s credentials. These credentials are used to access a bank’s network and to take charge of ATMs. Once ATMs are compromised, a hacker can approach any ATM in the network and withdraw cash like a typical ATM user.
The fact that no case has been reported in the US so far does not mean that US banks are immune to network-based ATM malware. The stealth manner in which it is carried out should be enough to worry any banker.