Views

Beware of the rise of ATM attacks

Banks must not neglect protecting ATMs as hackers often view them as easy access to bank's infrastructure

While "smash and grab" attacks on automated teller machines (ATMs) are nothing new, in the evolving world of cybercrime, cash machines are now a focus for operatives aiming to siphon bounty ranging from customer data to cash.

The Asia-Pacific (Apac) is still a region dominated by the use of cash.

Although cases of robbery or people getting mugged at ATMs are relatively rare, particularly in Singapore, ATM fraud has actually been a growing phenomenon for a few years now.

In 2011, a syndicate cheated DBS Bank customers of more than $1 million by skimming personal identification numbers at two ATMs in Bugis.

Then in 2016, two Romanians were jailed for up to three years for stealing $75,000 from ATMs by using cloned cards.

Over the past decade, ATM malware has developed rapidly.

The European Union Agency for Law Enforcement Cooperation, known as Europol, highlighted the emerging threat of ATM malware as it warned that incidents of ATM targeting are likely to rise in the future.

ATM attacks fall into two categories: physical or logical.

A physical attack sees the perpetrator present before, during or after the crime. It involves the use of physical force to compromise the machine; this still occurs in several areas of Apac.

A Federal Bureau of Investigation warning recently concerned a logical attack, which generally involves malware and specialist electronics to gain control of the ATM and access to customer data and funds.

Theft at the ATM interface is becoming more sophisticated and profitable. According to ATM manufacturers Diebold Nixdorf, ATM "skimming" now has a global cost exceeding US$2 billion (S$2.7 billion).

Skimming is the act of siphoning customer data at the ATM using hardware that mimics the appearance of machine components. The technology needed is easy to legally purchase online.

Skimming hardware is discreet and effective and is often virtually impossible to spot. Some equipment can now be as thin as a credit card and can be installed inside the ATM's card slot.

The 'skimmer' can siphon the card details of consumers.

The most sophisticated form of logical ATM attack is referred to as cashout or jackpotting. This involves infecting an ATM with malicious software.

An early form of this type of attack involved the transfer of malware to the ATM on a USB. Modes of infiltration have since become more effective.

In 2016, a group of hackers in Japan stole US$13 million from ATMs in a three-hour, 14,000 withdrawal spree.

Banks cannot afford to ignore the dangers ATMs are prey to. Hackers often view ATMs as easy access to a bank's infrastructure. And while unauthorised access might not always be preventable, restricting the extent of this infiltration is key.

For example, hacking using hijacked employee credentials has become prevalent in recent years. This can be mitigated by centrally securing privileged credentials, with multi-factor authentication and controlling network access based on need.

By constantly monitoring events and patterns, it becomes easier to spot irregularities and unusual activity.

Like all other forms of cyber-crime, ATM attacks are changing and adapting all the time.

It is therefore essential for banks to understand this threat and to keep the integrity of their ATM security one step ahead of cyber criminals.

The writer is vice-president of Solution Engineers, Asia Pacific and Japan, at CyberArk, a security software company.

Technology