View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 22, 2016

ATM fraud: Cash machines attacked over network

Banks face new cyber security threat from ATM fraud malware.

By Alexander Sword

Banks are coming under attack from a new spate of malware that allows cyber criminals to take control of cash machines.

The attack, which has affected banks in countries including the UK, Russia, the Netherlands and Malaysia, allows criminals to force groups of cash machines to issue cash which can be collected by thieves.

No physical tampering is required, said cyber security firm Group IB, which revealed the attacks. The technique is named “touchless jackpotting”.

The tools used to conduct the attack are widely available in public sources and the shortest time taken to successfully conduct an attack was 10 minutes.

Dmitry Volkov, Head of the Investigation Department and the Bot‑Trek Intelligence service at Group IB, said that this kind of attack on ATM machines may become “one of the key threats targeting banks”.

ATM fraudIndeed, the number of logical attacks on ATMs is on the rise, according to the European ATM Crime Report by European ATM Security Team. In the first half of 2016 28 incidents were reported (all ‘cash out’ or ‘jackpotting’ attacks), rising from 5 during the same period in 2015.

These led to losses of €0.4 million, around 0.2 percent of total ATM fraud losses recorded in the period.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Volkov said that they “enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being ‘on the radar’ of security services.

“That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly.”

Cyber security at banks has faced greater scrutiny due to the high-profile attack on the Bangladesh Central Bank using the SWIFT messaging service. The attack saw over $80 million stolen.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.