EAST FCS 2015 highlights emerging threats to the ATM Channel

Over the last few years there has been a spike in malicious software, capable of infecting and jackpotting ATMs, shifting the focus away from innovative, high-tech skimming devices and targeting a rapidly ageing ATM infrastructure. From Malware such as Plotous (originating in Mexico) to Tyupkin, attacks are evolving and growing both in sophistication and frequency.

In a European ATM Crime Report covering H1 2014 EAST reported an estimated 20 incidents of ATM Malware. These were ‘cash out’ or ‘jackpotting’ attacks and all occurred on the same ATM type from a single ATM deployer in one country.  The report stated that, while many ATM Malware attacks have been seen over the past few years in Russia, Ukraine and parts of Latin America, this was the first time that such attacks were reported in Western Europe.

In a European Crime Report covering the full year 2014 EAST reported 51 such incidents, with related losses of €1.23 million.

The EAST Financial Crime and Security Forum (EAST FCS 2015), that will be held in The Hague on 11th and 12th June 2015, will include strategic and technical presentations about this emerging problem as follows:

ATM Jackpotting and Cyber-Skimming – an Update from Ukraine will highlight payment fraud issues identified in Ukraine and neighbouring countries, trends in skimming and recent developments in Jackpotting attacks

ATM Compromise with and without Whitelisting A demonstration to show how a Windows ATM platform can be compromised through malware infection

Pen-testing – Current and Future Exploits in ATM Networks  A Case Study on work carried out to secure a national ATM Network