
'Black Box' and Physical Attacks Against ATMs Surge

Physical Attacks Increase in US; ATM Malware and Logical Attacks Rise in Europe

Criminals have been seeking innovative new ways to steal cash from ATMs across the United States and Europe.


In the United States, Atlanta-based ATM manufacturer NCR warns that it's seen a surge in physical attacks against ATMs. It has urged operators to bring better defenses to bear, potentially including armor for ATMs as well as using ink or glue to "degrade" the value of stolen cash.

In Europe, meanwhile, attackers are increasingly plugging into ATMs devices designed to tell the machine to spit out all of the cash stored in its safe.

European Trends

The European Association for Secure Transactions, or EAST, reports that while most types of ATM attacks have recently declined in Europe, ATM malware and logical attacks against ATMs have surged. While EAST counted 35 such attacks in the first half of 2019, there were 129 such attacks - a 269% increase - in the first half of this year (see: Diebold Nixdorf: ATMs in Europe Hacked). Losses due to such attacks rose from less than 1,000 euros ($1,200) in the first half of last year to just over 1 million euros ($1.2 million) this year. All of these attacks involved the use of so-called "black boxes."

"A black box attack is the connection of an unauthorized device which sends dispense commands directly to the ATM cash dispenser, in order to 'cash-out' or 'jackpot' the ATM," EAST notes (see: No Card Required: 'Black Box' ATM Attacks Move Into Europe).

Black box attacks typically require that criminals have physical access to an ATM and time to remove access panels to plug in their device and execute the attack.

In Europe, terminal-related fraud attacks - which include physical skimming devices designed to steal card data - decreased by 66% from the first half of 2019 to the first half of this year, although total losses only decreased by 12%, from 124 million euros ($145.3 million) to 109 million euros ($127.8 million), EAST reports.

In the same timeframe, "card skimming fell to another all-time low - down from 731 to 321 incidents - and transaction reversal fraud at ATMs decreased by 97%, down from 3,405 to just 108 incidents," according to EAST. Transaction reversal fraud typically involves an attacker manipulating the cash dispenser to trigger a fault, which the operator interprets as money not having been dispensed when it actually has.

"Overall crime at terminals has decreased during the lockdown phase of the pandemic," says EAST Executive Director Lachlan Gunn. "While this rise in black box attacks is of concern, most such attacks remain unsuccessful."

Gunn notes that such attacks are the focus of EAST's Expert Group on All Terminal Fraud, which involves both private organizations and law enforcement.

Although physical attacks in Europe are declining, losses are growing. Comparing the first half of 2019 with the first half of this year, the number of such attacks declined by 23%, from 2,376 to 1,829, primarily due to a decrease in ram raids and ATM burglary. But in the same timeframe, the losses increased by 11%, from 11.4 million euros ($13.4 million) to 12.6 million euros ($14.8 million), primarily driven by a rise in losses due to explosive and gas attacks.

Physical Attacks Against ATMs Rise in U.S.

Earlier this month, NCR warned that it had tracked a wave of physical attacks against ATMs in the U.S. over the first half of this year. At first, such attacks were restricted to a few regions, but they later expanded nationwide and have targeted devices from numerous manufacturers.

"The attacks average only five or six minutes onsite with losses exceeding $120,000 per unit," NCR said in a security advisory.

The physical attacks fall into three categories:

  • Attacking the safe door: Attackers "attach hooks or chains to the ATM safe door" on one side and a heavy-duty vehicle on the other, "then drive off at high speed to attempt to pull the door off," NCR says. The company has released reinforcement kits that remove places where hooks can be attached, and it recommends adding physical barriers - such as security gates - to restrict access.
  • Explosives: These are being used both to breach the safe and for vandalism. "Both forms of attack have increased over the summer and throughout the period of civil unrest, mass public protests and gatherings in the U.S.," NCR says, noting that it has released a new type of explosive-resistant safe designed for island drive-up ATMs.
  • Pulling out ATMs: Attackers can pull ATMs off of their bases and take them elsewhere to breach them. Better anchoring systems and security gates can help block these types of attacks as well as serve as visual deterrents, NCR says.

For all of these types of attacks, NCR recommends operators use "cash degradation systems in the form of ink solutions which will ultimately 'spoil the prize' and permanently stain the banknotes to reduce their value if a unit is attacked."

Brazil provides an example of how effective countermeasures can successfully block physical attacks, NCR says. "Brazil had 1,027 physical attacks across their ATM estates in 2018 - 11 of which were solid explosive attacks," it says. Compare that to previous years, "where they were experiencing up to 240 solid attacks per year, circa 2011, and over 35,00 physical attacks per year, circa 2013," it says. "Countermeasures, such as ink staining systems implemented by banks in this region, have helped to bring the overall number of attacks down year on year."

Slowing Attacks Down Remains Key

NCR says attackers will continue to devise new ways to target ATMs.

"We can never expect criminals to leave ATMs alone. Criminals will continue to modify their attacks and attempt new kinds in one market and expand them to others. And physical attacks are on the rise," NCR says. "The only real defense is to stay proactive in securing your ATMs. No one solution fits all types of attacks, so layering up, slowing down the attack and working with local law enforcement are key to success."


About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



