Remote Hackers Infect Cash Machines, Then “Money Mules” Clean It Out

It’s a worldwide phenomenon, although so far the U.S. has been spared, according to a report in Data Breach Today. The modus operandi typically starts with a phishing attack targeting a bank employee. If that’s successful it’s followed by the installation of malware that controls an ATM. Then a low-level “money mule” walks up to the machine and enters a sequence of numbers, resulting in what’s called a “jackpotting” or “cashing out” attack. A report from Trend Micro warns these attacks can “bypass existing defenses, such as any firewalls, VPNs or network segmentation that might be in place.” As insidious and effective as they are, hack attacks on ATMs are still far less common than physical ones. This post includes a link to surveillance footage that shows two thieves in Italy carrying one out, using explosives that they carefully stuff down the slot.