The battle for ATMs: how criminals break into self-service devices

The growing number of malicious software and physical attacks is one of the most worrisome trends of banking in 2018.

The growing number of malicious software and physical attacks is one of the most worrisome trends of banking in 2018. At the beginning of the year, the wave of “jackpotting” attacks swept across Asia, North and South Americas. Europe is currently facing a similar threat.

The main problem for financial institutions is that they have to protect their infrastructure from completely different types of attacks. Unfortunately, there is no universal solution to all possible issues.

Financial institutions are responsible for protecting physical assets and stored money. At the same time, they also take care of intellectual property and business-crucial data, with client loyalty being at stake.

The threats we will be examining can be divided into three main types. Each group of vulnerabilities has its own specifics and requires the consolidation of multiple bank departments and assistance of experienced technology partners.

Contents

1 Physical attacks on ATMs
2 Intrusion attacks through ATMs
3 Global malware attacks on the bank IT infrastructure

Physical attacks on ATMs

According to recent statistics, the most popular attacks on ATM are performed with rather primitive means. Commonly burglars try to saw or break open the ATM, which in most cases takes a lot of time and attracts the police. In 8 out of 10 cases of such attacks, criminals are detected even before they are able to access cash.

Criminals using special means such as explosives pose a higher threat. For example, an ATM can be filled with gas and blown up. In recent years, about 30 such incidents have been recorded worldwide. The damage from such attacks can reach up to 200 million euros annually.

Preventing such attacks is the prerogative of security services. Installing ATM monitoring systems enhanced with sensors and notification scenarios can help minimize the risk of the criminals disappearing without a trace.

Intrusion attacks through ATMs

An even greater threat comes from attackers who access and reprogram the hardware using malicious software. Hackers can drill a small hole to access the ATM computer and tamper with the system. Malicious software such as the Green Dispenser Trojan or the Cutlet Maker kit are freely available to hackers, and they pose a tremendous threat for banks.

Compromised devices are hard to detect, therefore criminals manage to carry out the preparatory stage without much risk. The first step includes sealing the ATM video cameras and drilling small holes in the terminals shell, a process which only takes a few minutes. After that, all that is left is to insert a USB drive in order to gain control over the ATM computer.

The malicious program can instruct the dispenser to empty all ATM cassettes before the security services have time to respond. The speed and ease of logical attacks make them the most dangerous and effective way of stealing money.

The best way to protect devices from hackers is to use solutions that restrict access to the device from the outside. Creating a “sandbox” environment in the ATM allows detecting any suspicious activity automatically and instantly informing the responsible personnel.

Global malware attacks on the bank IT infrastructure

Often the point of penetration for criminals is not the ATM terminal itself, but other parts of the bank IT infrastructure. High staff rotation and low technological level of organizations make the attack surface even greater, rendering the job of security services even more complicated.

For this reason, virtually no ATMs are connected to the internal bank network making external access nearly impossible. The use of VPNs, TLS protocols, special “firewalls” allows concentrating protective resources around the most vulnerable part of the banking infrastructure.

Thus, even in the case of banking database hacks ATMs and payment terminals are relatively safe. The defense system of self-service devices should remain detached and generally independent from the bank infrastructure. Nevertheless, only experienced companies can check the correctness of the configuration of all self-service device protection systems.

BS/2 offers comprehensive ATM security audit services for self-service devices. Solutions by BS/2, such as ATMeye.iQ, help protect over 80,000 devices worldwide, while Diebold Nixdorf solutions like Vynamic Security provide comprehensive ATM protection.

Contact BS/2 representatives to learn more about our audit procedure, and the possibilities BS/2 solutions may provide to your business.

Did you enjoy our content? Subscribe to our newsletter to receive valuable insights and exclusive offers from BS/2.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga, _gat	2 years	Google Analytics tracking cookies. The cookie collects information about user’s behavior on the site and composes statistical information.
_gid	24 hours	The cookie collects information about user’s behavior on the site and composes statistical information.
_utma, _utmb, _utmc, _utmz	2 years	Google Analytics tracking cookies. Information to the server is sent anonymously. Cookies identify unique visitors and monitor user sessions.