Trend Micro and Europol’s European Cybercrime Centre (EC3) have released a comprehensive report on the current state of ATM malware, detailing both physical and network-based malware attacks as well as highlighting where the malware is created.

ATM malware has evolved from requiring physical access to infect the machines to now successfully attacking network-based access using the bank’s corporate network. The report dissects recent attacks using bank networks to both steal money and credit card data from ATM machines, regardless of network segmentation. These attacks not only risk personally identifiable information (PII) and large sums of money, but also put banks in violation of PCI compliance standards.

“The joint industry — law enforcement report by Europol’s EC3 and Trend Micro shows that the malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately,” says Steve Wilson, head of EC3. “While industry and law enforcement cooperation has developed strongly, the crime continues to thrive due to the major financial rewards available to the organised crime groups involved. This report assesses the developing nature of the threat. I hope that it serves as a blueprint for future industry and law enforcement cooperation.”

“Protecting against today’s cyberthreats and meeting compliance standards requires increased resources that are not always available for organisations, including those in the financial services industry,” says Max Cheng, chief information officer for Trend Micro. “Public-Private Partnership strengthen the global, ongoing fight against cybercrime, and help fill the resource gap for organisations. This report furthers Trend Micro’s commitment to helping law enforcement and private businesses mitigate future attacks and protect individuals.”