Over the past month, criminal gangs have been using diggers to break building walls and steal ATMs across Northern Ireland. Nine such incidents have happened already, with the latest being reported last night.
Reports from Irish news sites say crooks steal nearby digging equipment, which they use to knock down building walls, scoop the ATMs in the diggers' cups, and then place it in the back of a truck or van that had its roof cut off. The gangs involved in these attacks flee the scenes in their trucks and vans, leaving the digger behind.
Attacks, some of which have been recorded on CCTV cameras, last no more than a few minutes, giving crooks enough time to escape before police arrive on the scene.
Irish media reported ten digger attacks on ATMs this year, most of them in April, with nine successful [1, 2, 3, 4]. This is not the first time that criminal gangs have used diggers to steal ATMs. Similar incidents have been seen in New York in 2013.
Report: ATM physical attacks on the rise
News about these attacks broke in the same week that the European Association for Secure Transactions (EAST), a non-profit organization that tracks the EU financial sector, released an end-of-year report on ATM attacks across Europe during 2018.
The Northern Ireland digger attacks are what EAST would classify as an ATM physical attack. EAST said attacks on ATMs across Europe that involved physical brute force rose by 27 in 2018, compared to 2017.
This marked the fourth consecutive year during which physical attacks on ATMs across Europe had risen, a trend that started in 2015.
However, while physical attacks on ATMs in 2018 were up, most of them involved using crowbars or drills to break the ATM apart, or cars to ram the ATM out of the wall, and not diggers.
Some attacks involved the use of gas and solid explosives to blow up the ATM, and these attacks are currently what alarms EAST and EU law enforcement officials the most.
"Such attacks result in extensive collateral damage and can pose a risk to life," EAST said in a report published on April 9 this year.
Furthermore, while ATM explosive attacks were down three percent, which isn't a big number, EAST reported that this type of ATM attack had now spread from ten countries to an eleventh, showing that the tactic is growing in popularity in the EU.
In addition, explosive attacks are also more costly for banks because they inflict collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in the ATM robbery.
ATM skimming and ATM malware attack numbers fell in 2018
But the EAST report also held some good news. ATM fraud attacks (which involve skimmer devices) and ATM logic attacks (which involved the use of ATM malware or hacks of the bank's central ATM network) were both down.
Attack numbers for ATM fraud attacks were down 36 percent, with losses down 30 percent, and ATM logic attacks were down 18 percent, with losses going down 70 percent.
An important note about the ATM malware and logic attacks was that the vast majority --156 of the 157 incidents reported in 2018-- was what law enforcement and security researchers are calling "black box" attacks.
Black box or "jackpotting" attacks, first appeared in Western Europe in 2013, and are a kind of logic-based attack which requires a device such as a laptop or other tool to be physically connected to an ATM.
Criminal groups often use drills to cut a hole in the ATM's case, connect to the internal cabling, and deploy malware or legitimate ATM firmware commands that make the ATM dispense cash.
According to a report published last fall by security experts from Positive Technologies, an ATM black box attack usually takes around 10 minutes to pull off, with most taking place in the middle of the night when consumers aren't around.
Positive Technologies said that 69 percent of the ATMs they tested were vulnerable to such attacks and that on 19 percent of ATMs, there were no protections against Black Box attacks at all.
Europol started cracking down on ATM black box criminal groups last fall, but the tactic is not employed by that many gangs, mainly because of the high skill level and custom hardware and software required to carry out such attacks.
The EAST report is available here. It was comprised using statistics provided by 21 European states, documenting incidents reported at 360,714 ATMs installed across the EU.
More cybersecurity coverage:
- Dragonblood vulnerabilities disclosed in WiFi WPA3 standard
- Microsoft publishes SECCON framework for securing Windows 10
- Ransomware: The cost of rescuing your files is going up
- Russia fines Facebook $50 for failing to comply with local data privacy law
- Kaspersky: 70 percent of attacks now target Office vulnerabilities
- Mozilla wants Apple to change users' iPhone advertiser ID every month
- Vulnerabilities discovered in industrial equipment increased 30% in 2018 TechRepublic
- Amazon workers eavesdrop on your talks with Alexa CNET