ATM malware has evolved from requiring physical access to infect the machines to successfully attacking network-based attacks using the bank’s corporate network. The report dissects recent attacks using bank networks to both steal money and credit card data from ATM machines, regardless of network segmentation. These attacks not only risk personally identifiable information (PII) and large sums of money, but also put banks in violation of PCI compliance standards.
One of the most noteworthy network-based attacks involves Ripper, the first known ATM malware that uses the network as an infection vector. In 2016, ‘Ripper’ hackers in Bangkok were able to access the Government Savings Bank, and distribute malware to its ATMs. By disabling real time anti-fraud detection, mules were able to take modified bank cards to jackpot the machines to the tune of USD 13 million.
In 2016, hackers were able to access 41 ATMs in Taiwan, and stole USD 2.5 million from 22 branches of First Commercial Bank without using cash cards or even touching the PIN pads. In Russia, ‘Cobalt’ hackers are successfully sending phishing emails to Russian bank employees to gain access to their security programme, and remotely manage ATMs to dispense cash to a network of mules.
The report is called “Cashing in on ATM Malware” and details both physical and network-based malware attacks on ATMs, as well as highlights where the malware is created.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now