
Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
ANTI-CYBERCRIME GROUP
Camp BGen Rafael T Crame, Quezon City

ACG-CYBER SECURITY BULLETIN NR 156: UNDERSTANDING THE RISK OF ATM MALWARE 

Reference Number: ACG-CSB 012319156

 

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security

SUMMARY

ATM malware is malicious software designed to compromise Automated Teller Machines (ATMs) by exploiting vulnerabilities in the machine’s hardware or software. It is used to commit a crime known as “jackpotting”, in which attackers install malware that forces ATMs to dispense large amounts of cash on command. ATM malware can also be used to steal financial information captured at ATM terminals, such as payment card numbers and PIN codes.

The installation of ATM malware typically requires physical access to an ATM via the machine’s USB port or CD-ROM drive. However, some advanced attacks involve compromising the bank’s internal network in order to install malware on ATMs without physical access.

Unfortunately, ATM security is currently weak because banks tend to focus primarily on physical security rather than information security. In most cases, they have on-premises security agents looking out for suspicious behavior or monitoring security camera footage.

The primary goal of ATM malware is to connect to and control peripheral devices inside the ATM in order to withdraw stored cash and/or collect information from bank customers.

One way to prevent ATM attacks is to monitor the ATM network directly. The objective of ATM monitoring is to stop client data theft by preventing malicious individuals from infiltrating the system directly through ATMs or by using malware that infects the organization from inside to eventually reach ATMs.

RECOMMENDATION

The public is advised to follow these tips to avoid being a victim of ATM malware, to wit:

  • Keep the hardware and software of your device updated with the latest version and patches;
  • Limit network and physical access to an ATM’s ports;
  • Secure the head compartment of the ATM using appropriate locking mechanisms;
  • Implement access control for service technicians based on multi-factor authentication; and
  • Monitor access to ATM machines and report suspicious activity to your local police department as soon as possible.

For additional information, please refer to the following websites:

  • https://www.bankinfosecurity.com/atm-east-a-7437
  • https://blog.trendmicro.com/trendlabs-security-intelligence/atm-malware-on-the-rise/?_ga=2.250952591.82711879.1530880411-519457544.1527618055
  • https://documents.trendmicro.com/assets/white_papers/wp-cashing-in-on-atm-malware.pdf
  • https://www.hitachi-systems-security.com/blog/prevent-atm-malware-attacks/

POINT OF CONTACT

Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section, on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.