ATM malware has evolved from requiring physical access to infect the machines to now successfully attacking network-based access using the bank's corporate network, a new report said on Tuesday.
Global cyber security solutions leader Trend Micro and Europol's European Cybercrime Centre (EC3) released a comprehensive report titled "Cashing in on ATM Malware", that details both physical and network-based malware attacks on ATMs as well as highlights where the malware is created. The report dissects recent attacks using bank networks to both steal money and credit card data from ATM machines, regardless of network segmentation. The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately. While industry and law enforcement cooperation has developed strongly, the crime continues to thrive due to the major financial rewards available to the organised crime groups involved," said Steven Wilson, Head of EC3. These attacks not only risk personally identifiable information (PII) and large sums of money, but also put banks in violation of PCI-compliance standards.
"Protecting against today's cyber threats and meeting compliance standards require increased resources that are not always available for organisations, including those in the financial services industry," added Max Cheng, Chief Information Officer for Trend Micro. Public-Private Partnership strengthen the global, ongoing fight against cybercrime, and help fill the resource gap for organisations. "A well-designed security plan can go a long way towards ensuring that an ATM installation can become very difficult to exploit and victimise," said Nilesh Jain, Country Manager-(India and SAARC), Trend Micro.
5 ways criminals 'hack' into ATMs
Last year, India witnessed one of the biggest financial data breaches in its banking history. Over 32 lakh debit cards (some reports even put the number at 62 lakh) of some 19 banks across the country were hacked. Customers affected included those from some of the top banks in India like State Bank of India, Yes Bank, Axis Bank, ICICI Bank, HDFC Bank and others. According to reports, malware somehow creeped into a Yes Bank ATM in Himachal Pradesh infecting the bank's system. This malware subsequently spread into the network of other banks' ATMs when their customers used the infected ATM machine. While this was a malware-ridden breach, there are also several other traps that fraudsters set up at ATMs to dupe bank customers. Here are six common ways that criminals use to 'hack' into ATMs.
1. Card skimmer
These devices are installed on the card reader slot to either copy the information from the magnetic strip of your card or steal the card itself.
2. Bulky card slots
Beware, if you think that the card slot feels slightly bulky or misaligned, as there may be chances that an additional card reader slot has been placed on top of the actual one.
3. Loose slot
Another sign of an ATM hack is 'loose slot'. So, in case the slot appears wobbly or loose, it indicates the presence of a ‘Lebanese loop’, which is a small plastic device with a barb that holds your card back in the machine. You may think the machine has swallowed your card or it has been stuck.
4. False front
It may be a little difficult to detect as the fake front completely covers the original machine, because it is installed on top of it. This allows fraudsters to take your PIN as well as money.
5. Fake keypads
his is placed on top of the actual keypad. If the keypad feels spongy to touch or loose, don’t enter your PIN.
