New Era for ATM Heists as Hackers Make Use of Malware to Steal from Machines Remotely


Experts have warned that cybercriminals are frequently making use of advanced hacking techniques to infiltrate cash machines around the world and steal millions.

A report by Europol, an EU law enforcement agency, and Trend Micro, a cybersecurity firm, released this week (26 August), analysed recent attacks against ATMs and concluded that criminals are now shifting away from traditional heists and turning to network-focused hacks instead.

“The cat is out of the bag,” warned the report.

“In the past, banks might have thought that network segregation was enough to keep their ATM networks safe from cyber crooks. This is no longer the case.”

The joint analysis, entitled “Cashing in on ATM malware”, discovered that physical access to ATMs is no longer required.

Instead, hackers are infiltrating the corporate networks of banks using targeted email phishing to get unprecedented access to customers’ money.

Physical ATM attacks were first recorded in 2009, usually involving the use of CDs or USB drives to infect operating systems.

While this strategy is still practised by some, the report discovered that hackers are increasingly utilising software bugs to “walk away with fully loaded wallets”.

One of the main problems is that the majority of machines run outdated software.

Researchers from Trend Micro said that the use of Windows XP is still widespread, which means that there are still “at least hundreds of thousands” of ATMs running an operating system that is no longer protected against new bugs, exploits, or vulnerabilities.

In other cases, hackers can make use of phishing emails directed at bank employees to access the network, which can help them reveal private information about cash machines.

Once inside, they can easily install remote malware or spread across the wider computer system of the bank.

And making use of malware means that the criminals that are at the top of the food chain no longer need to visit the machines. Instead, they now employ “money mules” to execute the dirty work.

Trend Micro remarked that network infections need more technical skills than traditional attacks, but discovered that cybercriminals are learning quickly. Indeed, in 2016 alone, ATM hacks in Taiwan, allegedly the work of an Eastern European gang, netted a hefty $2m.

The malware itself is also advancing in sophistication. In 2015, experts from a cybersecurity firm called Proofpoint revealed a strain known as “GreenDispenser” that had been created in a way that would leave “little if any trace of how the ATM was robbed”.

Recently, in July and August 2016, cash machines in Thailand were emptied using a new form of malware dubbed “Ripper”, which circulated via email phishing.

The Government Savings Bank (GSB) of Thailand was forced to shut down half of its ATMs after hackers jeopardized roughly 12 million baht (£260,000, $350,000).

In many cases, the identities of the culprits remain unknown. However, the report said that evidence has connected some strains of malware to individuals in Russia and Latin America.

“ATM malware attacks in various parts of the world continue to make headlines and cause significant costs to the financial industry,” stated Martin Roesler, a Trend Micro researcher.

“We can gather that the use of ATM malware is becoming more commonplace, with cybercriminals constantly improving their attack methods in hopes of remaining undetected and unapprehended.

“This poses a growing problem to financial institutions.”