Where The Money Is: Bank Robbers Blow Up 492 ATMs

 
Some 492 ATMs across Europe were blown up by thieves in the first half of 2016, as criminals looked to supplement their attempts at infiltrating machines via cyber-attacks.

The non-profit European ATM Security Team (EAST) claimed physical attacks soared 80% from the 273 reported in the same period in 2015, costing over €16,000 (£14,450) each, not including damage to equipment and buildings.

Total physical attacks jumped 30% from the first half of 2015 to reach 1,604 incidents in the first six months of the year, with losses rising 3% to hit €27m (£24m).

 

Cybercriminals increasingly target ATMs
The news comes as cybercriminals increasingly target ATMs with virtual or ‘logical’ attacks. Some 28 incidents were reported in the first half of 2016, up from just five the same period last year, at a total loss of €400,000 (£361,000).

These “cash out” or “jackpotting” attacks typically involve malware which takes control of the ATM’s cash dispensing function to fill the pockets of the cybercriminals.

ATM-related fraud jumped 28% to over 10,000 incidents in 1H 2016, thanks to a staggering 281% increase in Transaction Reversal Fraud, where thieves either physically interfere with the machine or attempt to corrupt transaction messages to siphon off cash funds.

ATM fraud alone cost European lenders €174m (£157m) in the first half of 2016, up from €156m (£141m) a year ago. There’s also been a rise in skimming internationally, from losses of €131m (£118m) to €142m (£128m) over the period.

The news shows criminal gangs increasingly using diverse tactics, and blending physical and online methods, to steal from banks. A report from Kaspersky Lab back in April claimed that almost all ATMs across the globe can be illegally accessed and raided without even the need to install malware, because they’re running outdated technology. That said, malware is also being used to devastating effect by some groups.

The ‘Ripper’ family was recently pegged for helping a gang steal 12 million baht (£265,400) from ATMs in Thailand.

Infosecurity Magazine: 

« US Has A Strategy To Defend Against Another Massive IoT Attack
Was North Korea Behind The IoT DDoS Attack? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Italian Association of Critical Infrastructure Experts (AIIC)

Italian Association of Critical Infrastructure Experts (AIIC)

AIIC acts as a focal point in Italy for expertise on the protection of Critical Infrastructure including ICT networks and cybersecurity.

Ovarro

Ovarro

Ovarro is the new name for Servelec Technologies and Primayer. Ovarro's technology is used throughout the world to monitor, control and manage critical and national infrastructure.

Intertek Group

Intertek Group

Intertek Group provides Assurance, Testing, Inspection and Certification services. Activities include cybersecurity testing and certification.

AppSec Labs

AppSec Labs

AppSec Labs specialise in application security. Our mission is to raise awareness in the software development world to the importance of integrating software security across the development lifecycle.

Sentropi

Sentropi

Sentropi is an online protection solution against charge backs, account takeovers, identity thefts and online scams.

National Cyber Security Authority (NCA) - Saudi Arabia

National Cyber Security Authority (NCA) - Saudi Arabia

The NCA is the government entity in charge of cybersecurity in Saudi Arabia and serves as the national authority on its affairs.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

Fugue

Fugue

Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies.

FraudScope

FraudScope

FraudScope is an AI-assisted platform that accelerates the identification of fraud, waste, and abuse.

Energia Ventures

Energia Ventures

Energia Ventures is a three-month intensive accelerator for entrepreneurs with an innovative business in the energy, smart grid, cleantech, and cybersecurity sectors.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

NASK

NASK

NASK is a National Research Institute under the supervision of the Chancellery of the Prime Minister of Poland. Our key activities involve ensuring security online.

Nerds On Site

Nerds On Site

Nerds On Site provide on-site & in-home IT and technical support, managed IT services, and cyber security through our collaborative team of highly-trained IT and Security professionals.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.

Hubble

Hubble

Hubble grew from the idea that legacy solutions were failing to provide organizations with the asset visibility they needed to effectively secure and operate their businesses.

Vantyr

Vantyr

Vantyr's core mission is to safeguard the business-led adoption of SaaS applications by automating the lifecycle management and security of non-human identities.