ATM Logical Attacks

EAST EGAF holds 27th Meeting in Amsterdam

Posted on

 

The 27th Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 14th September 2022 at ING Bank in Amsterdam.  The hybrid meeting was chaired by Otto de Jong from ING Bank.

It was attended by 23 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts. 9 people were in the room and there were 14 virtual participants.

Experts from the following organisations contributed to the meeting: Atruvia AG, Bits A/S, BKA, BVK, Cennox, Damage Control, Diebold Nixdorf, Europol, Group-IB, ING Bank, KAL, Mastercard, NatWest Group, NCR, PSA, TietoEVRY, and TMD Security.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Discussion at the meeting focussed on follow up to two EAST Fraud Alerts relating to Active Shimmer (Wedge) / Relay attacks and presentations were also made in relation to ATM black box attacks, to PCIDSS 4.0 (new requirements relating to e-commerce) and to Transaction Reversal Fraud.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 272 Fraud Alerts have been issued as can be seen in the table below.

Europol launches updated ATM Logical Attack Guidelines at 1st EAST Global Congress

Posted on

Europol has published updated guidelines to help industry and law enforcement counter the ATM Logical Attack threat.  The new document was officially launched at the 1st EAST Global Congress, which took place on Thursday 16th June 2022 at Europol’s HQ in The Hague.  Production of the document was coordinated by the EAST Expert Group on All Terminal Fraud (EGAF).

It has three sections:

  1. Description of Modi Operandi
  2. Mitigating the risk of ATM Logical Attacks, Setting up Lines of Defence
  3. Identifying and responding to Logical Attacks

This latest version has many updates including improved advice on lines of defence and countermeasures, and a direct link (QR code) to the countermeasures published by EAST.

The original Guidelines were published in 2015, with a first update in 2018.  They have been acknowledged as being of great value by both the industry and law enforcement, and the low success rate of ATM logical attack levels in Europe can no doubt be attributed to the fact that this guidance has been widely followed.

Lachlan Gunn, EAST Executive Director, said “This latest version draws upon feedback and expertise from both law enforcement and the private sector, cemented by a working partnership between Europol and EAST EGAF.  We are very grateful to Edvardas Šileris, Head of Europol’s European Cybercrime Centre (EC3), and his team at for making this possible.  I would like to thank Otto de Jong (ING Bank and EAST EGAF Chair) and Christian Beine (Diebold Nixdorf) for their key role in leading this exercise, and to also extend my thanks to GMV, INTERPOL, NCR, TMD Security and Trend Micro for their invaluable work and contributions”. 

ATM Logical Attacks

Pictured above at the launch are (Left to right) Lachlan Gunn, Edvardas Šileris, and Otto de Jong.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National, Global, and Associate).

EAST EGAF holds 26th Meeting in Amsterdam

Posted on

The 26th Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 11th May 2022 at ING Bank in Amsterdam.  This was the first in-person EGAF meeting since January 2020.  The hybrid meeting was chaired by Otto de Jong from ING Bank.

It was attended by 26 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts. 10 people were in the room and there were 16 virtual participants.

Experts from the following organisations contributed to the meeting: Atruvia AG, Bits A/S, BKA, BVK, Cartes Bancaires (CB), Cennox, Damage Control, Diebold Nixdorf, Europol, Gendarmerie Nationale (IRCGN), GMV, Group-IB, INTERPOL, LINK Scheme, Mastercard, NatWest Group, NCR, Polish Bank Association, PSA, Swedish National Anti-Fraud Centre, TietoEVRY, TMD Security, and Worldline.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Discussion at the meeting focussed on two recent EAST Fraud Alerts relating to Active Shimmer (Wedge) / Relay attacks.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 270 Fraud Alerts have been issued as can be seen in the table below.

ATM jackpotting attacks fall in Europe

Posted on

EAST has published a European Payment Terminal Crime Report covering 2021 which highlights a fall in ATM jackpotting attacks.

ATM JackpottingATM malware and logical attacks against ATMs were down 74% (from 202 to 52). All the reported attacks were aimed at ATM jackpotting, either using black box attacks or malware. A black box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM. Related losses fell from €1.2 million to €0.7 million).

EAST Executive Director Lachlan Gunn said, “This fall in ATM malware and logical attacks is great news and reflects the hard work that has been put in by the industry and law enforcement to address the issue. Most such attacks remain unsuccessful. A recent trend is a shift from logical black box attacks to malware attacks aimed at ATM jackpotting. When executed similar holes are made in the ATM fascia and so it can be difficult to work out which type of attack took place. Our Expert Group on All Terminal Fraud (EGAF) is focussed on countering such attacks, with close cooperation between industry partners and law enforcement. EGAF is working with Europol right now to update a document entitled ‘Guidance & recommendations regarding logical attacks on ATMs’, which has been a key tool in the fight against such attacks.”

Terminal related fraud attacks were down 8% (from 6,523 to 5,969 incidents). All fraud types were down except for cash trapping at ATMs, which increased by 14% (from 1,829 to 2,086 incidents). Total losses of €198 million were reported, down 9% from the €218 million reported in 2020. Most losses remain international issuer losses due to card skimming, which were €166 million.

ATM related physical attacks were up 6% (from 3,722 to 3,947 incidents). Attacks due to ram raids and ATM burglary were down 40% (from 749 to 447 incidents). ATM explosive attacks (including explosive gas and solid explosive attacks) were down 32% (from 923 to 629 incidents). Losses due to ATM related physical attacks were €10 million, a 55% decrease from the €22 million reported during 2020. 64% of these losses were due to explosive attacks, which were down 56% from €14.59 million to €6.35 million.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)

EAST EGAF holds 25th Meeting

Posted on

The 25th Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 19th January 2022.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Otto de Jong of ING Bank.

The meeting was attended by 28 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

A presentation on ‘Jackpotting with Malware’ was made by Diebold Nixdorf.

Experts from the following organisations also contributed to the meeting:  Bits A/S, BKA, BVK, Cardtronics, Damage Control, Dutch Payments Association, Europol, Gendarmerie Nationale (IRCGN), GMV, Group-IB, INTERPOL, KAL, LINK Scheme, Mastercard, MCMA, NatWest Group, NCR, PSA, Swedish National Anti-Fraud Centre, TietoEVRY, TMD Security, and TrendMicro.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 264 Fraud Alerts have been issued as can be seen in the table below.

EAST

 

ATM Explosive Attacks fall in Europe

Posted on

EAST has published a European Payment Terminal Crime Report covering the first 6 months of 2021 which shows a significant fall in ATM explosive attacks.

While overall ATM related physical attacks were up 2% (from 1,829 to 1,873 incidents), mainly driven by a rise in vandalism, ATM explosive attacks (including explosive gas and solid explosive attacks) were down 52% (from 505 to 241 incidents).  Attacks due to ram raids and ATM burglary were down 42% (from 405 to 234 incidents).  Losses due to ATM related physical attacks were €4.9 million, a 61% decrease from the €12.6 million reported during the same period in 2020.  35% of these losses were due to explosive attacks, which were down 58% from €7.6 million to €3.2 million.

EAST Executive Director Lachlan Gunn said, “The first 6 months of this year have been influenced by the Covid-19 pandemic, although travel restrictions have eased across Europe. This significant fall in explosive attacks at ATMs is welcome news for all of us, given the destructive nature of such attacks and the resultant risks to life and property. However, the prize remains an attractive option for criminals and the average cash loss per successful solid explosive attack is now estimated at €40,877. To address the issue our EGAP expert group has worked closely with Europol and other Law Enforcement Agencies, and all parties remain vigilant to the threat.”

ATM malware and logical attacks against ATMs were down 74% (from 129 to 33) and all but one of the reported attacks were Black Box attacks. A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, to ‘cash-out’ or ‘jackpot’ the ATM. Related losses were down 37% from €1.0 to €0.63 million. Most such attacks remain unsuccessful.

Terminal related fraud attacks were down 24% (from 3,631 to 2,775 incidents). Card skimming fell to another all-time low (down from 321 to 279 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 100% (down from 108 to zero incidents). Total losses of €102 million were reported, down 6% from the €109 million reported during the same period in 2020. Most losses remain international issuer losses due to card skimming, which were €86 million.

A summary of the report statistics under the main headings is in the table below.

 

The full Crime Report is available to EAST Members (National, Global and Associate)

EAST EGAF holds 24th Meeting

Posted on

The 24th Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 15th September 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Otto de Jong of ING Bank.

The meeting was attended by 23 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Presentations were made by the BKA, INTERPOL, and Diebold Nixdorf.

Experts from the following organisations also contributed to the meeting:  AXEPTA-BNP Paribas, Cardtronics, Damage Control, Dutch Payments Association, Europol, Federal Office of Police (FedPol), Fiducia & GAD, GMV, Mastercard, NatWest Group, NCR, PSA, KAL, Santander Bank, TMD Security, and TrendMicro.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 262 Fraud Alerts have been issued as can be seen in the table below.

EAST EGAF holds 23rd Meeting

Posted on

The 23rd Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 12th May 2021.  Due to the Covid-19 situation, it was conducted as a virtual meeting and was chaired by Otto de Jong of ING Bank.

The meeting was attended by 28 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Presentations were made by EuropolINTERPOL, Swedish Police, Damage Control Mexico, and Diebold Nixdorf.

Experts from the following organisations also contributed to the meeting:  Bits A/S, BVK, Cennox, GMV, Mastercard, NatWest Group, NCR, PSA, KAL, Santander Bank, TietoEVRY, TMD Security, and TrendMicro.

The meeting approved a list of recommended Countermeasures against ATM Malware and Black Box attacks, which will be shown, as applicable, in future EAST Fraud Alerts.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 260 EAST Fraud Alerts have been issued as can be seen in the table below.

EAST presents at the ATEFI Security Committee 2021

Posted on

EAST Development Director Rui Carvalho presented at the ATEFI Security Committee on 30th April 2021, a virtual event.  The impact of the Covid-19 pandemic has made it more important than ever for the sharing of threat intelligence to strengthen security strategies in Electronic Payments.  The event focussed on both physical and cyber security.  Rui shared key information and statistics from the latest EAST Payment Terminal Crime Report, as well as insights from the 9th Meeting of the EAST Payments Task Force (EPTF) held on 14th April 2021.  He covered:

  • ATM Malware & Logical Attacks
  • Terminal Related Fraud
  • ATM Physical Attacks
  • Payment Fraud (social engineering, ransomware, e-skimming)

The event was attended by public officials, law enforcement agencies, regulatory entities, representatives of international organisations, Managers and Network Security Officials, ATEFI Members from the entire LATAM region and Spain, as well as bank officials, representatives of the Latin American Bank Associations, Credit and Debit Card executives, and specialised media.

ATEFI is the Latin American Association of Operators Electronic Funds Transfer and Information Services and represents 20 ATM networks in 14 countries throughout Latin America.

In May 2016 EAST and ATEFI joined forces in order to further strengthen cross border cooperation in combating all types of payment crime including payment card fraud, hi-tech crime and ATM cyber and physical attacks.

Terminal fraud attacks in Europe drop during the Covid-19 pandemic

Posted on

Terminal fraud attacks in Europe drop during the Covid-19 pandemicEAST has published a European Payment Terminal Crime Report covering 2020 which shows that terminal related fraud attacks have dropped significantly during the Covid-19 pandemic.

Terminal related fraud attacks were down 64% (from 18,217 to 6,523 incidents). Card skimming fell to another all-time low (down from 1,496 to 656 incidents) and transaction reversal fraud (TRF) at ATMs decreased by 97% (down from 9,054 to just 250 incidents). Total losses of €218 million were reported, down 14% from the €249 million reported during 2019. Most losses remain international issuer losses due to card skimming, which were €183 million.

EAST Executive Director Lachlan Gunn said, “2020 was a highly unusual year due to the Covid-19 pandemic, and crime and fraud patterns changed accordingly.  While it is good news to see such a significant fall in terminal fraud attacks, there is concern that explosive attacks at ATMs have only fallen by 6%, and that related losses are up by 39%.  The average cash loss for a solid explosive attack is estimated at €28,218, and collateral damage to equipment and buildings can be significant.  There are also major safety issues.  Despite national lockdowns and border closures, mobile organised crime groups continued to operate across Europe.

ATM related physical attacks were down 19% (from 4,571 to 3,722 incidents).  Attacks due to ram raids and ATM burglary were down 33% (from 1,122 to 749 incidents).  ATM explosive attacks (including explosive gas and solid explosive attacks) were down 6% (from 977 to 923 incidents).  Losses due to ATM related physical attacks were €22.4 million, a 1% increase from the €22.1 million reported during 2019.  47% of these losses were due to explosive attacks, which were up 39% from €10.49 to €14.59 million.

ATM malware and logical attacks against ATMs were up 44% (from 35 to 129) and all the reported attacks were Black Box attacks.  A Black Box attack is the connection of an unauthorised device which sends dispense commands directly to the ATM cash dispenser, in order to ‘cash-out’ or ‘jackpot’ the ATM.  Related losses were up 14% from €1.09 to €1.24 million.  Most such attacks remain unsuccessful.

A summary of the report statistics under the main headings is in the table below.

The full Crime Report is available to EAST Members (National, Global and Associate)