ATM Cybersecurity


ATM cybersecurity is a critical concern because automated teller machines (ATMs) are susceptible to a range of attacks. Why? They hold a lot of money, and that money is easy to get at. Some ATMs are filled with over $2,000 a day. That’s $14,000 a week and $56,000 a month. Even after allowing for the money going out in transactions, that is still a hefty sum.

Given the profitability of ATMs, they attract cybercriminals seeking illicit financial gains. Effective ATM security solutions are essential to mitigate these risks and safeguard the integrity of the financial system.

In 2008, the estimated amount lost to ATM cyberattacks exceeded $1 billion. This figure is likely higher today due to improved hacking techniques and increasingly sophisticated methods of evasion. ATM fraud not only results in financial losses but also damages the reputation and customer loyalty of financial institutions. ATM-related security fraud increased by 26% from 2015 to 2016, underscoring the urgent need for ATM security solutions.

Types of ATM Cyberattacks and Security Threats

ATM cyberattacks take many forms, reflecting the diverse tactics cybercriminals use to compromise these machines. Some common types of cyberattacks on ATMs include:

ATM Specific Malware

Malicious software (malware) can be injected directly into an ATM, either through physical access to the machine or by exploiting vulnerabilities in its software. Once installed, the malware can manipulate the ATM’s operations to carry out fraudulent transactions. Examples include CutletMaker, Ploutus D, and ATM Proxy.

Hardware-Based Attack – ATM Black Box Attacks

Black box attacks involve connecting an external device to the ATM’s internal hardware to override its software and force the machine to dispense cash. These attacks typically require physical access and are often paired with malware to bypass security controls.

Hardware-Based Attack – Network Implants

Hackers utilize rogue devices, such as network implants, to intercept or manipulate ATM communications with financial institutions. These devices are often undetectable by standard ATM security software, enabling cybercriminals to execute remote attacks and maintain anonymity.

Rogue Devices and ATM Cyber Security

In all of the ATM cyber attack methods above, hackers use hardware devices known as rogue devices, either to trigger ransomware or to carry out a MiTM attack over the USB or the Ethernet interface. These rogue device attacks occur on the physical layer, making them undetectable by ATM security software and ATM network security solutions. The sophistication of these devices allows bad actors to carry out their attacks remotely, increasing their anonymity and reducing the risk of being caught.

By attaching a spoofed peripheral to the ATM’s cash dispenser, the perpetrator can send cash dispensing commands, bypassing the need for a card or transaction authorization. This is called a black box attack. Its primary limitation is that it requires physical access to the ATM internals to install the black box or keyboard.

As gaining such access becomes increasingly difficult, attackers have adapted with a new tactic: external network implants. These devices are growing in popularity and present an even greater challenge for ATM security.

Often based on off-the-shelf devices, mainly modified cellular routers, these implants are configured to operate in “transparent” or “bridge” mode, without a Layer 2 (MAC address) presence. As a result, they evade detection by conventional Network Access Control (NAC) and Intrusion Detection System (IDS) solutions, highlighting the need to move beyond traditional network security tools.

ATM Cybersecurity

Achieving complete network visibility into hardware assets is a major challenge for IT teams, especially in today’s complex IT, OT, and IoT environments. Without robust ATM cybersecurity solutions, attackers can exploit blind spots, particularly through USB and network interfaces. This lack of visibility weakens the enforcement of hardware access policies, increasing the risk of hardware-based ATM cyber attacks that deploy ransomware and can lead to data breaches.

To effectively address this challenge, organizations need comprehensive visibility into all network-connected hardware assets, regardless of their characteristics or the interfaces used by attackers. Furthermore, it’s essential to adopt practical and adaptive ATM cybersecurity defenses that evolve alongside emerging threats.

Attackers frequently exploit these blind spots using USB Human Interface Device (HID) emulation or physical-layer network implants. These techniques enable them to bypass traditional security mechanisms, highlighting the critical importance of physical-layer network visibility in securing ATM infrastructure.

Endpoint and Network ATM Security with Sepio

In addition to physical layer verification, a comprehensive policy enforcement mechanism outlines best practices for ATM security. This allows administrators to set strict or more granular rules for enforcement. It ensures robust protection against potential threats.

Combining ATM endpoint security with network-level defenses creates a multi-layered strategy for protecting ATM infrastructure. Whether it’s stopping malware infections, preventing physical layer attacks, or blocking unauthorized devices, ATM endpoint security ensures that every connected device is continuously monitored and managed to detect any potential threats in real-time.

Sepio's Discovered Assets

Sepio’s platform is revolutionizing the ATM cybersecurity industry by uncovering hidden hardware attacks that operate over network and USB interfaces.

Sepio’s solution continuously identifies, monitors, and manages all peripheral devices, ensuring that no hardware component goes unmanaged. By generating a unique digital fingerprint for each connected device, based on its descriptors, the platform compares them against a known database of malicious devices. Any suspicious or unauthorized device is automatically blocked in real time.

Additionally, Sepio leverages machine learning to analyze peripheral behavior, detecting anomalies, such as a mouse impersonating a keyboard, that may indicate an attack in progress.
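The two ideas above, a descriptor-based fingerprint checked against device lists and a mouse that also presents itself as a keyboard, can be illustrated with a short added example. It is not Sepio's code or method: the hashing scheme, the `assess` rules and the sample descriptors (including the placeholder VID/PID values) are assumptions made for illustration.

```python
import hashlib

HID_CLASS, BOOT_SUBCLASS, PROTO_KEYBOARD = 0x03, 0x01, 0x01  # USB HID class codes

def fingerprint(dev):
    """SHA-256 over a canonical form of the descriptor fields (order-independent)."""
    ifaces = sorted(dev["interfaces"])
    canon = "|".join([
        f"{dev['vid']:04x}", f"{dev['pid']:04x}", f"{dev['bcd_device']:04x}",
        dev["product"],
        ";".join(f"{c:02x}.{s:02x}.{p:02x}" for c, s, p in ifaces),
    ])
    return hashlib.sha256(canon.encode()).hexdigest()

def assess(dev, approved, known_bad):
    """Return (verdict, findings) for one enumerated device."""
    fp = fingerprint(dev)
    findings = []
    if fp in known_bad:
        findings.append("fingerprint matches known-bad list")
    if fp not in approved:
        findings.append("fingerprint not in approved inventory")
    # bInterfaceProtocol identifies a keyboard only on boot-subclass HID interfaces.
    has_keyboard = any(
        (c, s, p) == (HID_CLASS, BOOT_SUBCLASS, PROTO_KEYBOARD)
        for c, s, p in dev["interfaces"]
    )
    if has_keyboard and "keyboard" not in dev["product"].lower():
        findings.append("keyboard interface on a device not identified as a keyboard")
    return ("block" if findings else "allow"), findings

# Constructed sample descriptors; VID/PID values are placeholders.
# Each interface is (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol).
GENUINE = {"vid": 0x1234, "pid": 0x0001, "bcd_device": 0x0100,
           "product": "Example Optical Mouse", "interfaces": [(0x03, 0x01, 0x02)]}
SPOOFED = dict(GENUINE, interfaces=[(0x03, 0x01, 0x02), (0x03, 0x01, 0x01)])
APPROVED = {fingerprint(GENUINE)}
KNOWN_BAD = set()

if __name__ == "__main__":
    for name, dev in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, assess(dev, APPROVED, KNOWN_BAD))
```

Some legitimate composite peripherals also expose a keyboard interface, so a mismatch rule like this one needs tuning against the approved inventory of each deployment.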

Strengthen Your ATM Cybersecurity

Achieve full visibility into every known and shadow asset within your ATM ecosystem. Proactively prioritize threats and mitigate risks with confidence. Discover how Sepio’s patented technology empowers you to uncover hidden hardware-based threats and take control of your ATM cybersecurity posture.

Schedule a demo and see how Sepio can help you eliminate blind spots, enforce granular security policies, and safeguard your financial infrastructure from physical-layer ATM cyber attacks.

Read the ATM Cyber Security white paper (pdf)
February 18th, 2020