A report from Trend Micro says there is a shift in the ATM malware landscape from attacks that require physical access to network-based approaches. Instead of using skimmers, USB ports, or CD drives to infect a machine, hackers are now infiltrating a bank’s internal networks to gain access to ATM funds.
The steps in these attacks aren’t unlike the many cyberattacks we’ve seen over the past few years. Hackers first send malware using an email phishing scam to a company’s weakest link—its error-prone human employees—before stealing admin credentials and hacking into networks. Once that’s complete, criminals can gain remote access to ATMs and start dispensing cash.
For attackers, a benefit of remote attacks is that any ATM connected to the compromised network can be attacked, unlike a physical attack, which requires targeting a single machine at the most opportune time. Hackers can even attack multiple machines simultaneously, spewing out money to cash mules who act like they’re making a standard transaction. Some malware even has self-deleting properties, making it nearly impossible to trace back to the source.
Trend Micro says it worked with the European Cybercrime Center (EC3) to examine how network-based attacks have developed over time. The internet security company presented the Ripper case as one of the most damaging examples. In 2016, hackers stole more than 12 million baht, or around $350,000, in Thailand from 21 ATMs. Around 10,000 machines were vulnerable to the attack.
“It could be that these are regular criminal groups that already had access to the bank’s network and eventually realized that they could hop onto the ATM network,” Trend Micro writes. “In Ripper’s case, though, it shows that some of these criminals are specifically looking for the ATM network as a target and not stumbling upon it by mere chance. These gangs have both the inclination and the technical knowledge to target these machines over any other resources of the targeted bank.”
The report explains that hackers have two main objectives when going after an ATM: either to empty it of cash or to collect payment card data while people are using it, similar to a skimmer. Network-based attacks are much more complicated than physical attacks, but often lead to higher payouts.
Attacks using remote methods have not been reported in Europe or the United States, but Trend Micro and EC3 believe the trend is “probably going to consolidate in 2017 and beyond.”
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.