Cybercrime is always evolving to try to find the best way to get resources illegally. Specialists from IT security courses report a new variant of banking fraud in which, instead of misleading users threat actors compromise an ATM using a small metal hook to extract more money than the machine should have delivered.
ATM hijacking, also known as “Teller Hooking” is a new way to scam banks, forcing an error in ATMs when counting money or expelling it for the user to pick it up. This method has caught the attention of specialists and banking institutions, as it is easier than it appears.
Experts from IT security courses believe that this trend could increase considerably in the short term, as the attack eliminates the need to deceive a bank customer or enter a corporate network using complex cyberattack schemes. According to some banking institutions in Spain, these attacks already represent losses of more than 200 thousand euros.
The attack only requires a metal piece similar to a lever and a series of actions at the ATM. Attackers first request a 1000 euro withdrawal using legitimate user cards acting as accomplices or cloned cards. When the money dispenser starts working, the metal part is introduced with the idea of capturing the banknotes. When they are pulled out, the cash counting system detects a system failure and cancels the operation, so the process repeats and the attackers get twice the amount initially requested.
IT security courses specialists mention that the attack exploits a very simple bug in the systems of these machines, and has become very popular as it requires zero hacking skills: “Attackers only need to be discreet when inserting the metal rod into the machine”, mentions a report from the Spanish authorities.
The flaw exploited in these ATMs has already been corrected, so banking institutions and the authorities expect to cut the growth of this criminal activity. It has also been reported that some individuals allegedly related to this activity have already been arrested, although it is not yet determined whether they belong to the same criminal group.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.