The technique is called “jackpotting,” and it looks like something straight out of a heist movie. All it takes is access to an ATM's USB ports and a USB key loaded with specialized software. A few manipulations later, once the malware has finished infecting the machine, the ATM begins to spit out banknotes without debiting any customer's account. This surprising trick allowed a group of criminals to steal 80,000 euros in Aquitaine, Poitou-Charentes and Occitanie before their arrest in 2023.
Jackpotting is an impressive method, but it is far from the only one that hackers and cybercriminals use to attack financial institutions. Attacks on banks are on the rise: cyberattacks have doubled since the pandemic, according to an IMF report published in April. Overall, the International Monetary Fund estimated that the banking sector loses $100 billion every year due to cybercrime.
Attacks powered by artificial intelligence
The trend is not about to stop, according to Ivan Fontarensky, technical director of cybersecurity services at Thales. Banking institutions are prime targets for cybercriminal groups, attracted by the large amounts of money they hold and by the highly sensitive data they collect.
“In recent years, we have identified 560 groups of attackers, of which 174 have specifically targeted financial services. In 2024, 10 groups particularly active in the sector have been identified,” specifies the expert. Their methods are becoming more sophisticated thanks to artificial intelligence. No more unconvincing phishing emails full of spelling mistakes: now scammers can produce perfectly convincing emails, and even personalize them with ChatGPT.
Efforts to fool bank employees go even further, with voice cloning techniques. The criminals record the voices of real people and use AI to create fake messages, which are then used to extract money. In 2021, an employee of a bank in Dubai authorized a transfer of 35 million dollars after being deceived by a cloned voice, believing the money was going to a business manager about to finalize an acquisition.
Deepfakes are also a popular weapon, says Ivan Fontarensky. In February, an employee of a company’s financial department participated in a rigged videoconference with avatars taking on the appearance of his superiors. The hackers managed to leave with $25 million after asking the employee to make a transfer.
Attackers with varied profiles
Banks are also an ideal target for “hacktivists”, hackers acting out of activism. In June, a gigantic attack blocked the ATMs of around twenty Iranian banks for several days, during a protest action against the regime. The situation only returned to normal when the institutions agreed to pay a ransom to the hacker group. The very impressive operation also highlighted the fragility of certain banking networks, which can fall despite the security mechanisms put in place.
Banks are also increasingly targeted by state actors. The Russian bank Sberbank reported in November 2023 that it had been the victim of “the most massive DDoS in its history”, that is, a denial-of-service attack, which consists of overloading servers with requests in order to bring them down. The institution, targeted by a large number of international sanctions after Russia’s invasion of Ukraine, has become a recurring target of numerous hacker groups. Although the November attack has never been officially claimed, several experts believe that it bears the mark of the Ukrainian army.
Damaging the banks' brand image
North Korea is also accustomed to this. The Lazarus Group, which many experts associate with the government, is just one example. “Every time countries decide on new sanctions against this state, there is an increase in attacks [Editor's note: against them]”, says Ivan Fontarensky. This has been particularly the case since 2016, when sanctions were imposed following the resumption of nuclear tests. To these examples must be added more devious disinformation campaigns against financial institutions, according to the Thales expert: “The goal is to damage the brand image of the banks, mainly to bring down their stock prices.”
In Europe, these increased risks are taken seriously, and the DORA regulation aims to strengthen the IT security of banking institutions and ensure the stability of establishments even in the event of attacks. However, acknowledges Ivan Fontarensky, “many actors are still late”. Although most EU banks have already implemented protections, not all establishments are in the same boat. And the risk of supply-chain attacks remains real. In these cases, scammers target the sometimes less well-protected subcontractors of large companies in order to infiltrate the systems of their final target. Although NIS2, and now DORA, oblige companies to ensure the security of their subcontractors, the most complex supply chains can still present vulnerabilities. Above all, “there are always human errors”. Errors that amount to millions of dollars.