Use of Windows XP makes European ATMs vulnerable to malware attacks

While malware is a concern, skimming is still the main problem in Western Europe ATM fraud

For the first time, a country in Western Europe has reported that malware attacks were used by hackers to steal €1.23 million (US$1.32 million) from ATMs. One major problem is the continued use of Windows XP in ATMs, making them more vulnerable to attacks, a report on ATM fraud said.

The report does not specify which country reported the malware attacks, said Lachlan Gunn, executive director the European ATM Security Team (EAST), an organization that aims to provide an oversight of trends in ATM fraud.

However, it is the first time these attacks were reported in Western Europe. Malware attacks on ATMs have been used for some time in other parts of the world, including Eastern Europe, the Asia Pacific region and Latin America, Gunn said.

The statistics in EAST's report were provided by 21 European states, including France, Germany, Italy, the U.K., Spain, Romania and the Netherlands.

The country targeted with malware attacks reported 51 incidents involving malware in 2014. In those cases, criminals used so-called cash out or jackpotting attacks, in which malware is used to take control of the ATM cash dispense function, allowing the criminals to take out cash. Gunn expects more Western European countries will report malware attacks in 2015.

"As a significant number of Europe's ATMs continue to use the Windows XP operating system, there are concerns that many remain vulnerable to ATM malware if the necessary preventative measures are not taken," EAST said in the report.

Microsoft ended support for Windows XP in April last year. Despite ATM vendors like Wincor-Nixdorf warning that the operating system exposes ATM operators to significantly higher security and legal risks, migrations to new systems are going slowly.

Vendors, together with EAST and European police forces, are working on guidelines on how to protect their ATM systems against these malware attacks, Gunn said.

Malware, though emerging in Western Europe, is not the main headache for ATM operators, the report showed. While the total number of ATM-related fraud incidents fell 26 percent compared to 2013, the related losses rose from €248 million to €280 million, the highest amount of money lost due to fraud in the last five years, according to EAST figures.

That rise was mainly driven by international skimming losses, which rose from €201 million to €238 million, even though the number of skimming incidents was down 3 percent from 2013, with 5,631 incidents reported. Skimmers capture card details and the PIN number at the ATM and use them to produce counterfeit cards for fraudulent cash withdrawals, often in countries outside of Europe.

The rise in international skimming losses was not seen in European countries where regional card blocking, often known as geo-blocking, has been widely implemented, Gunn said. Geo-blocking significantly reduces the risk of successful compromise, he said.

In 2014, a total of 15,702 ATM-related fraud attacks were reported in Europe. The fall in the total number of attacks was driven by a 95 percent reduction in transaction reversal fraud, a technique that involves creating an error condition at the ATM, making it appear that cash will not be dispensed and forcing a repayment of the amount withdrawn back to the account.

There was also a 31 percent decline of cash trapping attacks, in which the criminal attaches a device to the ATM that traps any cash the machine tries to dispense, allowing the criminal to return to the ATM later to retrieve the cash.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags securitymalwarefraudEuropean ATM Security Team

More about EUIDGMicrosoftNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place