News

2015 to be a high-stakes year for ATM attacks, Kaspersky predicts

'The next stage will see attackers compromising the networks of banks and using that level of access to manipulate [ATMs] in real time,' a security expert predicts.

December 2, 2014

"Predictions," the first part of the Kaspersky Security Bulletin, takes a look at what next year might look like in the security industry — and sees a continuing face-off between ATM deployers and organized crime groups.

Kaspersky Lab forecasts high-stakes targeted cyberattacks pinpointing banks, as well as the development of malware that can take cash directly from ATMs, according to a company news release. The next year is also likely to hold more privacy concerns, security worries about Apple devices, and renewed fears about connected devices, the release said. 

According to Kaspersky Lab experts, 2015 is likely to hold:

• attacks against ATMs;
• malware incidents where banks are breached using methods coming directly from the targeted cyber-attack playbook;
• attacks against virtual payment systems, which could be extended to the new Apple Pay;
• malicious software designed for OSX pushed via torrents and pirated software packages;
• more Internet-bleeding stories: dangerous vulnerabilities appearing in old code, exposing the Internet infrastructure to menacing attacks; and
• the splintering of big cyberthreat actors into smaller independent units, resulting in a broader attack base with more diverse attacks coming from more sources.

Banks are a top target

During a recent investigation, Kaspersky experts discovered an attack in which an accountant's computer was compromised and used to initiate a large transfer with a financial institution, the company said.

This represented the emergence of a new trend: targeted attacks directly against banks. Once attackers get into a bank's network, they can siphon information that lets them steal money from the bank in several ways:

• remotely commanding ATMs to dispose cash;
• performing SWIFT transfers from customers' accounts; and
• manipulating online banking systems to perform transfers in the background.

ATMs are vulnerable

In 2014, attacks on ATMs seemed to explode globally, with several public incidents and a rush by law enforcement authorities to respond. As most systems are running Windows XP and also suffer from frail physical security, they are vulnerable by default, Kaspersky said.

According to Alexander Gostev, chief security expert for the Kaspersky global research and analysis team:

In 2015, we expect to see further evolution of these ATM attacks with the use of targeted malicious techniques to gain access to the 'brain' of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real time.

Virtual payment systems are at risk, too

The Kaspersky Lab Global Research and Analysis Team also expects that criminals will leap at every opportunity to exploit payment systems.

These fears can be extended to the new Apple Pay, which uses NFC to handle wireless consumer transactions. Kaspersky anticipates vulnerability warnings about weaknesses in Apple Pay, virtual wallets and other virtual payment systems. Said Gostev:

The enthusiasm over the new Apple Pay is going to drive adoption through the roof and that will inevitably attract many cybercriminals looking to reap the rewards of these transactions. Apple's design possesses an increased focus on security (like virtualized transaction data) but we'll be very curious to see how hackers will exploit the features of this implementation. 

Read the full text of the report.