You can view a higher resolution version of the image here.
Original Blog Post from May 14, 2013
Most people gasped at today’s headlines about the massive, $45 million ATM heist, which was engineered by a highly-organized gang of cybercriminals. Consumers and banking executives alike have the same worry today: Is their money and account information safe?
Here at 41st Parameter, the news simply highlighted what we already knew – financial institutions are extremely vulnerable to increasingly sophisticated cyber criminals who, as in this case, are able to steal data from pre-paid ATM cards and then quickly loot machines across the globe.
Most banking systems today are connected directly or in-directly to the Internet. This brings about a multitude of unintentional exposures, all of which allows criminals to exploit them to their advantage.
Given the scale of the global credit card networks, it is almost impossible to detect every kind of attack. Similar to fighting terrorism, you can be successful in preventing something 100 times, but the bad guys only need to be successful once.
Banks and financial institutions should use all of the available data and fraud detection solutions to fight fire with fire – and build better defenses for the 21st Century. Indeed, the shocking $45M price tag for banks should be a call to action to put better protections in place. This attack is NOT the last one, and if the modus operandi proves to be successful, crooks will exploit it time and again.