Trend Micro, Europol
Overview: ATM malware is one of the digital threats that have been around for a while now, with the discovery of the first known variant dating back to 2009. It should not be a surprise that it has become a mainstay in many cybercriminals’ arsenals because it can, plainly put, steal cold, hard cash.
We have seen time and again how cybercriminals plant skimming devices on automated teller machines (ATMs), even those in plain public view, and how they use other physical attacks for quick gains.
However, as cybercriminals continue to aim at siphoning off considerable profits, it only makes sense that they would progress to targeting ATMs via networks. After all, finding a way to bypass security and infiltrate financial institutions’ networks promises a bigger payout.
Couple that motivation with the fact that many ATMs run on outdated operating systems, and you get a compelling reason for the sustained cybercriminal use of ATM malware. Such operating systems are vulnerable since they have already reached end of support, meaning there will no longer be security updates and hotfixes provided for them. Consequently, machines that rely on obsolete operating systems are highly susceptible to attacks.
In this paper, we explore in detail the different known ATM malware families and attack types (physical and network-based) and how attackers make their way into and around their target infrastructures.