Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

EU Authorities Fight Back Against “Black Box” ATM Attacks

Europol has announced that a total of 27 related arrests have been made since the ATM black box threat first emerged in 2015. Eleven arrests have been made in France, four in Estonia, three in the Czech Republic and Norway, and two in The Netherlands, Romania and Spain.

Europol has announced that a total of 27 related arrests have been made since the ATM black box threat first emerged in 2015. Eleven arrests have been made in France, four in Estonia, three in the Czech Republic and Norway, and two in The Netherlands, Romania and Spain.

A black box attack is a logical attack against cash dispensers. It requires gaining access to the inner workings of the machine, usually, notes Europol, “by drilling holes or melting.”

Once access is achieved, the cash dispenser is disconnected from its core working, and connected instead to the hacker’s own electronic device — the so-called black box. The attacker then simply issues the necessary commands to empty the cash dispenser; an act known as ‘jackpotting’, which bypasses any need for a card or transaction authorization.

Since a black box attack simply empties the whole machine, rather than attempting to extract available cash from an individual account, a single successful attack can potentially steal hundreds of thousands of Euros.

According to Europol, black box attacks have increased dramatically. It quotes a recent report from the European ATM Security Team (EAST) which reports 58 such attacks in 2016 compared to just 15 in 2015. In reality, however, the majority of attacks fail. Although the attacks increased, the related losses fell by 39% from €0.74 million to €0.45 million.

EAST attributes this fall largely to its own work. “While the rise in ATM black box attacks is a concern,” said executive director Lachlan Gunn, “we are pleased to note that many of these attacks were not successful. In 2015, to help the industry counter such attacks, our EAST Expert Group on ATM Fraud (EGAF) worked with Europol to produce a document entitled ‘Guidance & recommendations regarding logical attacks on ATMs’.”

EAST will be leading a breakout session discussing black box attacks at the third global Financial Crime & Security (FCS) Forum, being held in The Hague on 8th/9th June 2017.

Despite the potential for high value individual attacks, black box attacks are rare in comparison to other ATM-related attacks. “ATM related fraud attacks increased by 26%, up from 18,738 in 2015 to 23,588 in 2016,” reports EAST. “This rise was mainly driven by a 147% increase in Transaction Reversal Fraud (up from 5,104 to 12,581 incidents). The downward trend for card skimming http://www.securityweek.com/cybercriminals-developing-biometric-skimmers-atm-attacks continues with 3,315 card skimming incidents reported, down 20% from 4,131 in 2015. This is the lowest number of skimming incidents reported since 2005.”

Overall, actual fraud-related ATM losses increased only marginally — up by 2% from €327 million in 2015 to €332 million in 2016.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.