New era for ATM heists as hackers use malware to steal from machines remotely

Physical access to ATMs is no longer needed to hijack cash, experts warn.

Criminals are now using network cyberattacks to hack cash machinesGetty Images

Cybercriminals are increasingly using advanced hacking techniques to infiltrate cash machines around the world and steal millions, experts have warned.

A report released this week (26 August) by EU law enforcement agency Europol and cybersecurity firm Trend Micro analysed recent attacks against ATMs and concluded that criminals are now moving away from traditional heists in favour of network-focused hacks.

"The cat is out of the bag," the report warned.

Advertisement

"In the past, banks might have thought that network segregation was enough to keep their ATM networks safe from cyber crooks. This is no longer the case."

The joint analysis, titled "Cashing in on ATM malware", found that physical access to ATMs is no longer needed.

Instead, hackers are infiltrating banks' corporate networks using targeted email phishing to gain unprecedented access to customers' money.

Physical ATM attacks were first recorded back in 2009, typically involving the use of USB drives or CDs to infect operating systems.

While this strategy is still used by some, the report found that hackers are increasingly exploiting software bugs to "walk away with fully loaded wallets".

One of the main problems is that the majority of machines run outdated software.

The Trend Micro researchers said that the use of Windows XP is still widespread, meaning that there are "at least hundreds of thousands" of ATMs running an operating system that is no longer protected against new bugs, vulnerabilities or exploits.

Advertisement

In other cases, hackers can use phishing emails directed at bank employees to access the network, which can help them uncover private details about cash machines.

Once inside, they can install remote malware or spread across the bank's wider computer system.

And using malware means the criminals at the top of the food chain no longer have to visit the machines. Instead, they now employing "money mules" to do the dirty work.

Trend Micro noted that network infections require more technical skill than traditional attacks, but found that cybercriminals are learning quickly. Indeed, only last year, ATM hacks in Taiwan –allegedly the work of an Eastern European gang – netted a massive $2m.

Advertisement

The malware itself is also growing in sophistication. In 2015, experts from Proofpoint, a cybersecurity firm, revealed a strain known as "GreenDispenser" had been designed in a way that would leave "little if any trace of how the ATM was robbed".

More recently, in July and August last year, cash machines were emptied in Thailand with the help of a new form of malware dubbed "Ripper", which spread via email phishing.

Thailand's Government Savings Bank (GSB) was forced to shut down half of its ATMs after hackers compromised roughly 12 million baht (£260,000, $350,000).

In most cases, the culprits' identities remain unknown, but the report said that evidence has linked some strains of malware to individuals in Latin America and Russia.

"ATM malware attacks in various parts of the world continue to make headlines and cause significant costs to the financial industry," said Trend Micro researcher Martin Roesler.

"We can gather that the use of ATM malware is becoming more commonplace, with cybercriminals constantly improving their attack methods in hopes of remaining undetected and unapprehended.

"This poses a growing problem to financial institutions."

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.