Jean-Philippe Taggart, senior security researcher at Malwarebytes Labs—not affiliated with Kaspersky Lab—says: “Since criminals require physical access to the ATM, that severely limits what can be achieved. Europe has many ATMs directly on the street, and that makes them somewhat more vulnerable to physical attack. The session key required in this attack prevents a rogue mule from taking over the scam. It attacks the bank infrastructure directly, so while customers’ accounts are not being drained, they will feel the pain when the banks transfer the costs of fraud over with higher fees. Banks will likely not tighten their ATM security stance until cost analysis shows that this type of attack is costing them enough to warrant it.”
Read MoreSelect your language