Cybercriminals began targeting automated teller machine (ATM) software back in 2009. Since then, new ATM malware families have been springing up every year. By 2016, fraudsters realized that the ATMs could be accessed through the network.

Cybercrooks have two options to loot an ATM: leverage direct physical access to an ATM endpoint or gain access to the machine through the network. The latter method is progressively gaining popularity because it eliminates the need to physically access a target ATM, increasing the chance of success. Once the network is compromised and malware is installed on the endpoint, a money mule who is standing by picks up the cash and whisks it away.

This shift to network-based ATM attacks has gone unnoticed by a large number of banks. They understand the variety of physical ATM breaches but don’t realize that cybercriminals are already a step ahead, exploring opportunities for network-based campaigns.

In July 2016, for example, actors withdrew $2.66 million from 41 ATMs at 22 branches of Taiwan’s First Commercial Bank without laying a finger on a PIN pad. Later that summer, the Cobalt cybergang launched coordinated ATM network attacks in several European countries, including the U.K., Spain, the Netherlands, Romania, Poland and Russia.

Three Crucial ATM Network Security Gaps

Such attacks typically stem from three crucial ATM network security gaps that are inherent to a large number of banking institutions. These lapses are obvious and fairly simple to eliminate. If left unmitigated, however, they facilitate easy unauthorized access to ATM networks.

1. Ignoring Network Segregation

Unfortunately, some banks still have flat networks that unite all corporate hardware, including ATMs. A well-planned network architecture requires the ATM network to be separate from the main one. This creates an additional challenge for fraudsters targeting ATM endpoints.

2. Lack of Security Between Networks

Even when banks do segregate networks, little attention is paid to implementing security controls to manage access from one network to another. The two ATM attacks mentioned above are consequences of this mistake, since the cybercriminals managed to breach ATMs via the banks’ main networks.

To protect against ATM network security threats, financial institutions should install perimeter firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS) and antivirus software.

3. Outdated Operating Systems

An overwhelming majority of ATMs installed worldwide still run Windows XP or Windows XP Embedded, which Microsoft stopped supporting in 2014 and 2016, respectively. This means that hundreds of banks are exposed to ATM network security breaches due to the absence of patches for these outdated operating systems.

An Advanced Approach to ATM Protection

As ATM network attacks become more sophisticated, it’s important for financial institutions to apply advanced security measures with the help of a security information and event management (SIEM) system. SIEM tools receive logs from a controlling network server and ATM endpoints, and employ correlation rules to help security analysts monitor things such as entries into the network, the launching of unsolicited services, software integrity and antivirus feeds. This delivers a comprehensive overview of the ATM network security posture at any moment.
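The kind of correlation rule described above, sketched as an added example (not from the original article or any SIEM product). The subnet, allowlist, service baseline, event format and sample events are all constructed assumptions; the rule raises severity when an unsolicited service starts on an ATM shortly after a connection from outside the approved management sources.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumed policy values, constructed for illustration only.
ATM_NET = ipaddress.ip_network("10.50.0.0/24")           # hypothetical ATM segment
ALLOWED_SOURCES = {ipaddress.ip_address("10.50.0.10")}   # hypothetical management server
SERVICE_BASELINE = {"XFSManager", "AVAgent"}             # hypothetical approved services
WINDOW = timedelta(minutes=30)                           # entry -> service correlation window

# Constructed sample events: (ISO timestamp, ATM host, event type, detail)
EVENTS = [
    ("2024-01-15T01:00:00", "10.50.0.21", "conn_in", "10.50.0.10"),
    ("2024-01-15T01:05:00", "10.50.0.22", "conn_in", "192.168.7.44"),
    ("2024-01-15T01:12:00", "10.50.0.22", "service_start", "updsvc"),
    ("2024-01-15T01:13:00", "10.50.0.22", "av_alert", "unknown binary"),
    ("2024-01-15T01:14:00", "10.50.0.22", "integrity_fail", "hash mismatch"),
    ("2024-01-15T02:00:00", "10.50.0.23", "service_start", "XFSManager"),
    ("2024-01-15T03:00:00", "10.50.0.24", "service_start", "helper"),
]

def correlate(events):
    """Return one (host, severity, reasons) alert per ATM with findings."""
    last_entry, reasons, chained = {}, {}, set()
    for ts, host, kind, detail in sorted(events):  # ISO timestamps sort chronologically
        if ipaddress.ip_address(host) not in ATM_NET:
            continue  # only ATM endpoints are in scope for this rule
        t = datetime.fromisoformat(ts)
        if kind == "conn_in" and ipaddress.ip_address(detail) not in ALLOWED_SOURCES:
            # Entry into the ATM segment from a source outside the allowlist.
            last_entry[host] = t
            reasons.setdefault(host, []).append(f"entry from {detail}")
        elif kind == "service_start" and detail not in SERVICE_BASELINE:
            reasons.setdefault(host, []).append(f"unsolicited service {detail}")
            # Escalate when the service follows a suspicious entry on the same host.
            if host in last_entry and t - last_entry[host] <= WINDOW:
                chained.add(host)
        elif kind in ("av_alert", "integrity_fail"):
            reasons.setdefault(host, []).append(f"{kind}: {detail}")
    return [(h, "high" if h in chained else "medium", r) for h, r in reasons.items()]

if __name__ == "__main__":
    for host, severity, why in correlate(EVENTS):
        print(f"{severity.upper():6} {host}: " + "; ".join(why))
```

An isolated finding stays at medium severity, so an analyst sees the chained case on a single ATM first.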

Another advanced ATM protection method is penetration testing, which simulates an attack to help security professionals uncover vulnerabilities before fraudsters have a chance to exploit them. Penetration testing checks cover patching, file system security, system access and authentication, auditing and logging, and account configuration.

The implementation of an SIEM system, coupled with annual penetration testing, considerably reduces the attack surface of an ATM network. These advanced ATM protection methods work best on a segregated network with proper security devices installed and operating systems updated.

Banks are already fortifying their ATMs against physical attacks, which have historically been frequent. It is safe to assume that financial institutions will become more meticulous about ATM network security once they reach a breaking point with network-based attacks. Instead of staying a step behind cyberthieves, banks should address network security issues now to escape financial loss and reputational damage that could result from a widespread ATM breach.
