ATM hacks surged 269% in Europe in 2020 H1, recent findings reveal

Edward G. | February 9, 2021

Criminals have been targeting automated teller machines (ATMs) for as long as they have been available to the public. Many already know about scams where fraudsters hook up a small device to the ATM to steal credit card information, usually referred to as card skimming.

However, recent findings by Atlas VPN reveal that cybercriminals started to hack into the ATMs using malware and logical attacks. A logical or malware attack is a type of cyber attack where threat actors alter the ATM software to access the cash dispenser.

When hackers gain access to the dispenser, they can collect ATM users' credit card details to prepare fake credit and debit cards. Also, hackers can collect the cash available in the ATM, depending on what part of the software the criminals could access.

The research is based on European Association for Secure Transactions (EAST) data covering the first six months of 2020.

ATM malware and logical attacks went up from 35 to 129 in the first half of 2020, representing a 269% increase from last year.

Losses caused by malware and logical attacks rocketed from less than €1,000 in 2019 H1 to just over €1 million in 2020 H1.

On the other hand, even though the first half of 2020 saw the most attacks, it did not exceed the monetary losses of 2017 H1. Then, cybercriminals stole over €1.51 million from 114 successful cyber-attacks.

The fact of the matter is that hackers are always looking for new ways to gain access to credit/debit card information or cash. Thus, it is of utmost importance to upgrade the ATM software regularly to eliminate any new vulnerabilities that criminals found.

Physical attacks cause most losses

Physical ATM attacks are much more common and cause bigger financial losses. There are various types of physical attacks.

One of the most common types of physical attacks is ram raids, rip out, explosive attacks, or burglary.

Meaning, the ATM is attacked and is either ripped out or opened with on-site tools. Rip out attack means that criminals use a vehicle to rip out the ATM out of its location. Forklift trucks or mechanical diggers are mostly used for these instructions. Then, the ATM is opened on-site or is transported to a different location.

Some attacks choose to destroy the ATM on the spot with explosives or other tools, like cutting discs. Once the safe has been blown or cut open, the burglars remove the cash.

ATM-related physical attacks were down from 2,376 to 1,829, amounting to a 23% decline.

However, even though the number of attacks declined in 2020 H1, losses due to physical attacks were €12.6 million, an 11% increase from the €11.4 million in 2019 H1.

The bigger part of the damages was driven by an increase in losses due to explosive and gas attacks, which went up from €5.1 million to €7.6 million, representing a 49% jump in a year. The number of explosive attacks increased only slightly, from 503 incidents in 2019 H1 to 505 attacks in 2020 H1.

In contrast, ram raids and ATM burglary lessened by 34%, from 610 to 405 incidents.

For some, the fact that these attacks still happen so often in Europe might seem like a Hollywood movie. The European Association for Secure Transactions admits that this is one of the most serious issues they face.

For those interested in how to prevent physical ATM attacks, we recommend reading the official “PREVENTING PHYSICAL ATM ATTACKS” report by EAST.

John C.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.

Tags:

malwarehackATM