| |November 20209of Investigation is more concerned about the latter attack as it involves customer data and funds.Skimming the Top Theft that occurs at the ATM itself is becoming more profitable and sophisticated. According to Diebold Nix-dorf, the ATM manufacturers, ATM 'skimming,' now costs the global economy more than USD 2 billion. Skimming is the act of syphoning customer data at the ATM using hardware that mimics the appearance of le-gitimate machine components. The technology needed is easily available online for purchase. While methods and components vary greatly, skim-ming hardware is now more discreet and effective and is often very difficult to spot. Some equipment is now as thin as a credit card and can be installed inside the ATM's card slot. Once operational, the `skimmer' can syphon the card details of unwitting consumers and sometimes directly to the perpetrator's mobile via Bluetooth.Hitting the Jackpot Jackpotting is the most sophisticated form of logical ATM. This approach involves infecting an ATM with malicious software. Any early form of this type of attack involved the transfer of malware to the ATM on a USB through an interface portal. Modes of infiltration have since become more effective and require even less in-volvement by the hacker. As recent research by EAST shows, `black box' ATM attacks have been on the rise in Europe. To perform this type of attack, the perpetra-tor connects a device called `black box' to the ATM's `top box'. The device then reverts the machine to supervisor mode and dispenses cash. While the number of planned black box attacks in Europe has been increasing, the rates of criminal success have been decreasing due to the work of the agencies such as EC3, Europol's European Cybercrime Centre.Smart PrecautionsMoney is the main driving force behind 90 percent of all cyberattacks and unsecure ATMs present a soft target for criminals. Hackers are always looking out for loopholes across the spectrum of bank IT infrastructures and end-points. Banks cannot afford to ignore the dangers ATMs are vulnerable to as hackers often view ATMs as easy tar-gets. And while unauthorized access might not always be preventable, restricting the extent of this infiltration is key.For instance, hacking using hijacked employee creden-tials has become prevalent in recent years. This issue can be mitigated by centrally securing privileged credentials with multi-factor authentication and controlling network access based on specific need. Therefore, hackers are re-stricted in terms of their mobility within the environment and the extent to which they can compromise security controls and access cash.Diligence for PreventionBanks have the responsibility to constantly monitor threat risks. This should involve a holistic approach to how vulnerabilities are identified and should include ATMs as a first line of defence. By constantly monitoring events and patterns, one can more easily spot irregularities. If vigilance is constant, reaction times can become quicker to prevent the sy-phoning of data or access to cash funds by hackers.Today, ATMs require the same levels of rolling security provision and up-grading as every other aspect of bank infrastructure. Like all other forms of cybercrime, ATM attacks are changing and adapting all the time. It is therefore essential for banks to understand this threat and to keep integ-rity of their ATM secu-rity one step ahead. Banks have the responsibility to constantly monitor threat risksRohan Vaidya
< Page 8 | Page 10 >