ATM explosive attacks increased by as much as 80 percent in the first half of 2016, reveals a new report.
The European ATM Security Team (EAST) tracked 492 explosive attacks. Some used solid explosive material to pull off their heists, though they were a minority at 110 of the incidents. All the rest made use of gas.
But let’s be frank. It doesn’t matter that much to us what bad guys are using to blow up the cash machines.
EAST Executive Director Lachlan Gunn says while it’s not good that thieves are conducting those types of attacks in the first place, the fact that those techniques are on the rise is extremely concerning.
As he explains in a blog post:
“This rise in explosive attacks is of great concern to the industry in Europe as such attacks create a significant amount of collateral damage to equipment and buildings as well as a risk to life. The EAST Expert Group on Physical Attacks (EGAP) is working to analyse the attacks and to share intelligence best practice information across the industry and law enforcement that can help to mitigate the threat.”
Let’s frame it another way. Out of the approximately 1,600 physical attacks (including robbery and ram raids), explosive attacks registered across one quarter of those incidents and caused an average cash loss of €16,631 (approximately US $18,295).
That doesn’t include any damage the explosives might have caused to a financial institution’s properties and/or buildings. But as EAST is right to point out, those losses usually exceed the funds stolen in the attacks.
At the same time, let’s keep things in perspective.
The €27 million lost to ATM physical attacks is but a fraction of the €174 million seized by Transaction Reversal Fraud (TRF) and other types of fraud. There were also about ten times as many incidents in that particular category of ATM attacks.
Meanwhile, logical attacks like jackpotting and ‘cash out’ campaigns registered only 28 incidents that collectively stole approximately €0.4 million from ATMs.
Computer criminals are always thinking of new, sometimes explosive ways to target financial institutions.
Sometimes they’re after the cash stored in an ATM. Other times, they want access to an employee’s email or customers’ banking accounts.
For that reason, users should take extra care to protect their financial accounts with a strong, unique password and two-step verification (2SV). They should also watch out for phishing attacks, as should anyone who works at a bank or similar organization.
If ATM explosive attacks continue to increase, perhaps financial institutions should lend some extra thought to where they physically place their cash machines on their premises.