Use of Windows XP makes European ATMs vulnerable to malware attacks

09.04.2015
For the first time, a country in Western Europe has reported that malware attacks were used by hackers to steal €1.23 million (US$1.32 million) from ATMs. One major problem is the continued use of Windows XP in ATMs, making them more vulnerable to attacks, a report on ATM fraud said.

The report does not specify which country reported the malware attacks, said Lachlan Gunn, executive director the European ATM Security Team (EAST), an organization that aims to provide an oversight of trends in ATM fraud.

However, it is the first time these attacks were reported in Western Europe. Malware attacks on ATMs have been used for some time in other parts of the world, including Eastern Europe, the Asia Pacific region and Latin America, Gunn said.

The statistics in EAST's report were provided by 21 European states, including France, Germany, Italy, the U.K., Spain, Romania and the Netherlands.

The country targeted with malware attacks reported 51 incidents involving malware in 2014. In those cases, criminals used so-called cash out or jackpotting attacks, in which malware is used to take control of the ATM cash dispense function, allowing the criminals to take out cash. Gunn expects more Western European countries will report malware attacks in 2015.

"As a significant number of Europe's ATMs continue to use the Windows XP operating system, there are concerns that many remain vulnerable to ATM malware if the necessary preventative measures are not taken," EAST said in the report.

Microsoft ended support for Windows XP in April last year. Despite ATM vendors like Wincor-Nixdorf warning that the operating system exposes ATM operators to significantly higher security and legal risks, migrations to new systems are going slowly.

Vendors, together with EAST and European police forces, are working on guidelines on how to protect their ATM systems against these malware attacks, Gunn said.

Malware, though emerging in Western Europe, is not the main headache for ATM operators, the report showed. While the total number of ATM-related fraud incidents fell 26 percent compared to 2013, the related losses rose from €248 million to €280 million, the highest amount of money lost due to fraud in the last five years, according to EAST figures.

That rise was mainly driven by international skimming losses, which rose from €201 million to €238 million, even though the number of skimming incidents was down 3 percent from 2013, with 5,631 incidents reported. Skimmers capture card details and the PIN number at the ATM and use them to produce counterfeit cards for fraudulent cash withdrawals, often in countries outside of Europe.

The rise in international skimming losses was not seen in European countries where regional card blocking, often known as geo-blocking, has been widely implemented, Gunn said. Geo-blocking significantly reduces the risk of successful compromise, he said.

In 2014, a total of 15,702 ATM-related fraud attacks were reported in Europe. The fall in the total number of attacks was driven by a 95 percent reduction in transaction reversal fraud, a technique that involves creating an error condition at the ATM, making it appear that cash will not be dispensed and forcing a repayment of the amount withdrawn back to the account.

There was also a 31 percent decline of cash trapping attacks, in which the criminal attaches a device to the ATM that traps any cash the machine tries to dispense, allowing the criminal to return to the ATM later to retrieve the cash.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Loek Essers

Zur Startseite