The move from physical ATM attacks to cyber ATM attacks
Criminal activity continues to shift from the physical realm to the cyber realm as 2017 approaches. For a great example of this shift, look no further than the automated teller machine (ATM) at your local bank.
Criminal exploits involving ATMs largely began as physical attacks. For example, a popular technique used to be ram-raiding, the practice of using a heavy-duty vehicle like a truck or SUV to literally ram into the ATM in hopes of gaining access to the money inside. But with the rapid move to a more digital universe, these types of attacks are no longer as commonplace. Meanwhile, the threat of cyber attacks continues to grow.
A recent report from Kaspersky Lab took a deep look at ATM security and laid out some future attack scenarios for banks to ponder. According to the report, a high number of hacking incidents occurred on ATMs in the last three years. The numbers highlight the rapid growth of cyber attacks on ATMs and the banking industry.
Types of ATM fraud
According to Kaspersky Lab, all ATM fraud falls into one of two categories:
1) Direct losses occur when a hacker obtains money directly from an ATM through illicit means.
2) Indirect losses occur when a hacker obtains cardholder data from an ATM user and then uses this data to obtain funds in the future or as part of an identity theft scheme.
A large number of cyber attacks on ATMs fall into the latter category of indirect losses, as hackers create methods to obtain personal credentials and other personal information for use at a later time.
Concerns about the security of biometric data
Of the many hacking scenarios laid out in the report, attacks on biometric data and devices garnered a lot of attention. Biometric authentication technology involves identification of clients based on psychological, morphological or behavioral
The issue with biometric authentication systems, the report strongly noted, is twofold. First, biometric devices often connect to ATMs via USB/serial ports, which can be hacked more easily than other ATM components. Additionally, a huge security nightmare can occur with the theft of biometric data.
That is, a personal identification number (PIN) can be changed; a fingerprint cannot.
And biometric data hacks are but one of many security issues at hand for the banking industry in the coming years. The authors of the report offered up both recommendations for preventing attacks and other potential countermeasures to battle this growing threat.
Source → Kaspersky Lab