U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Criminals capture PINs over wireless remotely instead tamper ATMs

Criminals are exploiting news tactics to steal user’s PIN from ATMs, capturing them over wireless network instead risky tampering of the banking machine. Cyber criminals are adopting even more creative and sophisticated methods to collect user’s personal information, of course banking data is very attractive for hackers that could decide to directly use it for cyber frauds, […]

Criminals capture PINs over wireless remotely instead tamper ATMs

Criminals are exploiting news tactics to steal user’s PIN from ATMs, capturing them over wireless network instead risky tampering of the banking machine.

Cyber criminals are adopting even more creative and sophisticated methods to collect user’s personal information, of course banking data is very attractive for hackers that could decide to directly use it for cyber frauds, resell it on the black market or for a successive cyber attacks.

Today we will discuss new methods used to capture intercept PINs at ATMs:

“It just blows you away how sophisticated these folks are in thinking this stuff up,” says Bryan Sartin, director of the team at Verizon Communications that investigates data breaches

The US Intelligence estimated annual losses from ATM skimming at more than $1 billion in 2008.

In the past cyber criminals used phony number pads and skimmers to steal debit card PIN data, but it is too risky due to the necessity to deploy the sniffing equipment and then come back to remove it avoiding surveillance.

For this reason cyber criminals have developed a smart scheme to steal user’s PINs directly from ATMs and gas pumps, the hackers exploit banks wireless Internet connections used by financial institution to monitor ATM cash flow and update software.

“Regulators at the Federal Financial Institutions Examination Council warned in April that the ATMs of small and midsize banks are preferred targets for criminals who hack bank Web pages to boost ATM withdrawal limits and then clean out people’s accounts.” reports Bloomberg Businessweek.

Criminals are able to catch PINs remotely, according to a Verizon report, another common tactic consists to get jobs with technical-support companies that give them access to ATMs, then installing malicious code that can steal and transmit PIN data back to the attackers via e-mail address or through a phone line.

ATMs keyboard 2

Remote hacking of Web-connected ATMs is a serious problem, an event that is happening with increasing frequency, in March, the FBI has identified 17 people involved in a card fraud stretched from Bulgaria to Chicago.

The technology is fueling the cyber criminal ecosystem memory chips and transmitters that enable PIN hacking thin and light enough to be easily hidden in ATM installed by banks.

How to preserve users from increasing criminal activities?

First of all it is necessary to deploy a new generation of credit/debit cards to substitute antiquated magnetic-stripe cards, very easy to skim. The USA is strangely backward in terms of security and data breaches like the one suffered by Target retailer are the consequence.

Pierluigi Paganini

(Security Affairs –  ATMs,cybercrime)