Understanding criticality of ATM Malware post demonetization

Following several incidences of ATM scanning attacks, which are now fading away, a new form ATM attack has cropped up – Malware attacks.

Photo Credit : Flickr,

While the hype and hoopla around demonetization is slowly wearing out, what it has left in its wake is an ecosystem ripe for cyber criminals and hackers to exploit. The recent hacking of more than 3.2 million debit cards is fresh in people’s memory, with ATM machines serviced and maintained by Hitachi Payment System being compromised by malware as per reports. This seems like only the tip of the iceberg and doesn’t augur well for what lies ahead in the future. This also shows that the sorry state of our current digital security.  While malware threats hovering around retailer’s point-of-sale terminals have been in the spotlight for quite some time now, banks and general masses must be aware of a new development is the security landscape – ATM malware. Post demonetization of 500 and 1000 rupee notes in India, ATMs have suddenly become the most visited places in the country with hundreds and thousands of people queued up in front of them. However, to counter such a situation, the maximum security arrangement ATMs have is CCTV cameras, which could be of no match to the shrewd and cunning tactics of hackers. This is mostly because, they know very little or almost nothing of the emerging threats posed by malware attacks that target ATMs.

Following several incidences of ATM scanning attacks, which are now fading away, a new form ATM attack has cropped up – Malware attacks. Owing to various reasons like the risk involved, which is generally high and profitability being on the lower side, skimming attacks on ATM is now a passé. Nevertheless, if attackers can find a way to compromise the ATM software, it could give them a payout bigger than any normal human being can fathom. Incidences of draining ATMs through malware have already been reported in counties like UK. Adding to the strain is the fact that malware attack on ATMs is a hot button topic in the realm of ATM frauds. Developing these malwares is time consuming and criminals are spending a lot of time on them. Furthering the plight of the stake holders, the attacks are mostly very difficult to identify as such malwares are difficult to detect.

The recent malware attack waged against a leading bank in the United Kingdom is a perfect example of such an attack. The malware used in this case was so sophisticated and somber that it went undetected for days put together. It is alleged that the malware was installed over a bank holiday and was detected only after the staff resumed their duties at regular business hours. Additionally, the malware was so subdued that the compromise was detected only after the ATM was drained of case. Experts are of the opinion that the installation of malware needed physical efforts, which enabled the hackers to withdraw money in the near future, simply using a passcode, rather than using a passcode and a PIN. The malware completely supersedes the ATMs control systems, allowing the machine to continuously disperse money until the ATM is jammed.  

It has however been established by experts that a majority of such attacks are physical attacks that entail physical installation of the malware. While there are some ATMs, which have been attacked through networks, but that would still require somebody to set up the malware using a USB or any device that can be attached to the machines.

While there could be innumerous ways to attack ATMs, which are still unknown to experts, they have been able to categorize the emergence of a few ways of attacking ATMs viz. ‘Jackpotting’ attacks, which aim to quickly drain ATMs of cash before a compromise is detected and there are also card-less ATM attacks, where hackers can get money out the machines through a supposed transaction replay, mobile phone communication and even passcodes.

The only extenuating aspect of these attacks is that the cyber-criminal have developed and implemented malware designed to withdraw cash directly from ATMS without compromising consumers’ debit cards. These are malwares that allow criminals to rule out the amount of money in each cash cassette and then control the machine to dispense it.

The financial institutions or banks need to pay attention to such emerging threats and formulate practices the counter such tactics.

The basic precautions which can be taken around such threats are to review security around the ATM, which should include general premises and the machine’s immediate surroundings. Look out for extra-terrestrial devices that could be attached to the machine and conduct regular inspections with enhanced security protocols. Furthermore, limiting cash refill only enough for a day’s transaction and performing cash maintenance only in a locked store with no customers around are some basic precautionary measures that such institutions can follow.

In an economic scenario of demonetization, where the general public is experiencing major cash crunch, there could be some crafty hackers amid them looking for a lose end to sneak into the systems. The country today, to a great extent is relying on the ATMs to bring the crunch to a state of equilibrium and therefore, keeping ATM security intact is of prime significance.

Tags assigned to this article:
security cyber crime cyber attacks malware atm


Around The World