Cyber criminals are increasingly accessing ATM machines through the banks’ networks, with squads of money mules standing by ready to pick up the stolen cash, Europe’s policing agency warned Tuesday.
“The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately,” said Steven Wilson, who head’s Europol’s EC3 cyber crime centre.
Previously criminals used physical ‘skimming’ devices or USB sticks or CDs to install malware within ATMs but since 2015 “a new and unnerving trend… has been picking up speed,” Europol said in a 40-page report on the latest ATM crime trends.
“The criminals have realised that not only can ATMs be physically attacked, but it is also very possible for these machines to be accessed through the (bank’s) network,” the report said, which was published in conjunction with the Trend Micro security software company.
One of the tricks used by hackers is to send a so-called phishing email to bank employees which once opened, contains software to penetrate the bank’s internal computer network.
Once the ATM has been targeted and told to dispense the money “standby money ‘mules’ will pick up the cash and go.”
Europol warned that incidents of ATM targeting is likely to rise in the future.
“In the past, banks might have thought that network segregation was enough to keep their ATM networks safe from cyber crooks,” Europol said.
“This is no longer the case.”
The policing agency also said that “financial organisations need to take more steps to secure their ATM installations by deploying more security layers.”
In addition to a public report, Europol is also giving out a private report providing details to institutions to firm up their security against ATM piracy.