- Bernie Sanders wins Nevada Caucuses Saturday 6:54 PM
- MSNBC is out of its mind over Sanders leading Nevada Saturday 5:20 PM
- Kim Kardashian dragged for using makeup to darken her hands Saturday 4:13 PM
- TikTok users show how they turned their vehicles into incredible tiny homes Saturday 3:44 PM
- Woman iconically pranks man who sent her an unsolicited d*ck pic Saturday 2:25 PM
- ‘Terrifying’ deepfake puts Jeff Bezos and Elon Musk in ‘Star Trek’ Saturday 1:06 PM
- A 36-year-old called the cops after being booted from parents’ phone plan Saturday 12:16 PM
- People think novelist Dean Koontz predicted the coronavirus in 1981 thriller Saturday 10:22 AM
- Twitter suspends 70 pro-Bloomberg accounts Saturday 9:15 AM
- In documentary ‘Modern Whore,’ a former escort takes control of her own narrative Saturday 6:30 AM
- Cara Delevingne calls out Justin Bieber for ‘ranking’ wife Hailey’s friends Friday 9:07 PM
- Fans defend Jenna Marbles after some people claimed she mistreated her dogs in a recent video Friday 8:37 PM
- ‘Friends’ gets reunion special on HBO Max, fans go wild Friday 7:37 PM
- Why you should drop everything and start reading ‘Lore Olympus’ Friday 6:27 PM
- ‘Boogaloo’ memes are trying to organize a second civil war—and they’re spreading fast Friday 3:48 PM
A report from Trends Micro says there is a shift in the ATM malware landscape from attacks that require physical instruments to network-based approaches. Instead of using skimmers, USB-ports, or CD drives to infect a machine, hackers are now infiltrating a bank’s internal networks to gain access to ATM funds.
The steps in these attacks aren’t unlike the many cyberattacks we’ve seen over the past few years. Hackers first send malware using an email phishing scam to a company’s weakest link—its error-prone human employees—before stealing admin credentials and hacking into networks. Once that’s complete, criminals can gain remote access to ATMs and start dispensing cash.
A benefit of using remote attacks is that any ATM connected to the compromised network can be attacked, unlike a physical attack which requires targeting a single machine at the most opportune time. Hackers can even attack multiple machines simultaneously, spewing out money to cash mules who act like they’re making a standard transaction. Some malware even has self-deleting properties, making it nearly impossible to trace back to the source.
Trends Micro says it worked with European Cybercrime Center (EC3) to examine how network-based attacks have developed over time. The internet security company presented the Ripper case as one of the most damaging examples. In 2016, hackers stole more than 12 million baht, or around $350,000, in Thailand from 21 ATMs. Around 10,000 machines were vulnerable to the attack.
“It could be that these are regular criminal groups that already had access to the bank’s network and eventually realized that they could hop onto the ATM network,” Trends Micro writes. “In Ripper’s case, though, it shows that some of these criminals are specifically looking for the ATM network as a target and not stumbling upon it by mere chance. These gangs have both the inclination and the technical knowledge to target these machines over any other resources of the targeted bank.”
The report explains that hackers have two main objectives when going after an ATM: to either empty its cash out or collect payment card data while people are using them, similar to a skimmer. Network-based attacks are much more complicated than physical attacks, but often lead to higher payouts.
Attacks using remote methods have not been reported in Europe or the United States, but Trends Micro and EC3 believe it is “probably going to consolidate in 2017 and beyond.”
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.