An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 30 minutes, and even less, in certain types of attacks.
Cybercriminals are using various sophisticated methods including physical access and remote access by compromise the bank network in order to steal money from ATM.
The report said: “Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking, and detailed their findings in a 22-page report published this week. The attacks they tried are the typical types of exploits and tricks used by cyber-criminals seeking to obtain money from the ATM safe or to copy the details of users’ bank cards (also known as skimming). Experts said that 85% of the ATMs they tested allowed an attacker access to the network. The research team did this by either unplugging and tapping into Ethernet cables, or by spoofing wireless connections or devices to which the ATM usually connected to. Researchers said that 27% of the tested ATMs were vulnerable to having their processing centre communications spoofed, while 58% of tested ATMs had vulnerabilities in their network components or services that could be exploited to control the ATM remotely.”
Recent ATM based attacks targeted by malicious hackers stealing cash from cardless ATM using a new form of SMS phishing attack that force let user give away their bank account credentials into the phished website.
U.S. Secret Service also warned the new form of ATM skimming attack called “Wiretapping” targeting the financial institutions by creating a small size of the hole in the ATM machine and steal the customer data directly from card reader inside of the ATM Machine.
Also, attackers trying to inject the ATM malware families such as Alice, Ripper, Radpin and Ploutus, that is frequently available on the dark web market.