Re-emergence of ATM Cyber Threats Highlights the Importance of Cyclic Cyber Threats

The FBI recently issued a warning about a potential wave of attacks against Automatic Teller Machines (ATMs). I wrote back in January about how precursor events built over time, leading to ATM attacks earlier this year.

In that previous piece, we noted that threat actors evolved threats against ATMs over a period of months. Hacker discussions, exchange of tradecraft, and prior, related attacks preceded those events. Each built on the previous discussion, leading to the attack. We show the timeline from the previous post below.


Events leading to the January 2018 ATM jackpotting attacks.

Conversations that span multiple, global hacker communities are always occurring. This sharing of information leads to existing cyber threats re-emerging using different tradecraft, different delivery mechanisms, or focused on different targets.

The ATM hacking incident is a great example of a cyclic attack, but by no means is this only relevant to that technology. Relevant to most enterprises is the re-emergence of software vulnerabilities, which we have also discussed in a previous post. For example, exploits against CVE-2017-0199 were found in April, leading to much hacker discussion. As enterprises mitigated against these exploits, the chatter died down. However, CYR3CON saw the vulnerability re-emerge in exploit sales a few weeks prior to the NotPetya attacks.

These cyclic patterns happen across multiple hacker communities in the deep and dark web. While the information is hard to get to, the cyclic nature and the re-emergence of threats can be uncovered. At CYR3CON, we leverage advanced artificial intelligence to get ahead of these threats.