ATM Hacks: A Hidden Cyber Threat to Bank Security
A few weeks ago, someone stole my debit card information, cloned my card, and drained cash from my account at an ATM hundreds of miles away. Since the transaction used a physical card and the correct PIN, my bank saw it as a legitimate withdrawal. That meant I had to fight to prove it wasn’t me.
I never thought much about a bank’s ATM security. But weak ATM security can create serious vulnerabilities for banks.
ATM attacks are on the rise. Hackers know that ATMs are another often-overlooked pathway to enter a bank’s network and cause havoc. Banks are a prime target for cybercriminals, and ATM attacks are just one of the many threats they face.
While banks are constantly improving security, no defense is perfect. That’s why breach containment is essential.
In this post, we’ll break down threats against ATMs and explore how Illumio can help banks contain breaches, even those that originate from ATMs.
How secure are ATMs?
ATM terminals have long been, in essence, specialized computers.
Traditionally, they’ve run Microsoft Windows operating systems. These versions of Windows are not the same as those used in consumer devices. They’re custom versions which are “hardened” for IoT environments.
Banks upgrade the operating systems on their ATM terminals on a regular basis to maintain updated security options in Windows. In fact, as of 2025, many banks are upgrading their ATMs to Windows 11 after news that Microsoft will be ending Windows 10 support soon.
Banks also rely on additional security solutions to encrypt data on customer bank cards and data in transit within their network. But what happens when attackers gain access to these machines and, through them, to a bank’s network?
Top threats targeting bank ATMs
Many of us know about the most common form of consumer ATM crime: skimmers.
ATM skimmers are devices placed over ATM keypads or card readers that can copy card numbers and PINs as customers use the machine.
This stolen data can then be used to:
- Create counterfeit debit cards
- Sell debit card data on the Dark Web
- Extract cash from the victim’s account
But beyond this common consumer security threat, banks also face cyber threats specifically designed to use ATMs as a way into a bank’s internal network. Some recent examples:
- ATMitch creates an SSH tunnel across the bank’s network which attackers use to remotely instruct the ATM to dispense cash at a given time. Cybercriminals never need to touch the ATM keyboard.
- Tyupkin enables remote control over the ATM’s cash dispenser.
- Ploutus uses SMS messages from smartphones to instruct ATM terminals to dispense cash.
These threats reveal vulnerabilities in banks’ internal networks. They spotlight why breach containment is so crucial for banking and financial services sector security.
How Illumio contains banking breaches
For decades, banks have used traditional prevention methods like firewalls to fight off cyberattacks. While preventing breaches is still important, it’s not enough.
More recently, they’ve used a detect-and-respond approach. But these tools lose precious time in the detection phase, when abnormal payloads on a workload need to be distinguished from normal payloads. By the time a payload gets labeled malicious, it has usually already spread throughout the network.
The bottom line is that breaches will happen. Banks need to be ready to contain them as quickly as possible.
Illumio Zero Trust Segmentation reverses the detect-and-respond formula by containing threats that haven’t even been detected yet.
Illumio detects data payloads being transferred between the bank’s network and ATMs that fall outside of expected baselines. If the traffic is suspicious, Illumio can immediately close the ports and contain the breach.
Illumio enables this without first needing to understand the malware’s nature or intention.
This protects banks from threats spreading from ATMs to the rest of the network.
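The baseline-and-contain idea described above can be sketched as a default-deny check over flow records. This is an added example, not Illumio's product code or API. The subnets, ports, rule set and sample flows are all constructed assumptions.

```python
# Added illustration: default-deny flow check for an ATM network segment.
# Every address, port and rule here is constructed for the example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

ATM_SEGMENT = ip_network("10.20.0.0/24")  # assumed ATM subnet

# Baseline: the only flows ATMs are expected to send or receive.
# (source network, destination network, protocol, port, description)
ALLOWED = [
    (ATM_SEGMENT, ip_network("10.1.5.10/32"), "tcp", 8443, "ATM -> transaction switch"),
    (ip_network("10.1.9.0/28"), ATM_SEGMENT, "tcp", 5986, "management hosts -> ATM"),
]

def in_atm_segment(addr):
    return ip_address(addr) in ATM_SEGMENT

def evaluate(flow):
    """Return (verdict, reason); anything touching an ATM must match the baseline."""
    if not (in_atm_segment(flow.src) or in_atm_segment(flow.dst)):
        return ("ignore", "not ATM traffic")
    for src_net, dst_net, proto, dport, desc in ALLOWED:
        if (ip_address(flow.src) in src_net and ip_address(flow.dst) in dst_net
                and flow.proto == proto and flow.dport == dport):
            return ("allow", desc)
    # No malware signature is needed: being off-baseline is enough to block.
    return ("block", "outside ATM baseline")

def contain(flows):
    """Return the ATM addresses whose traffic left the baseline (quarantine list)."""
    quarantined = set()
    for flow in flows:
        if evaluate(flow)[0] == "block":
            quarantined.add(flow.src if in_atm_segment(flow.src) else flow.dst)
    return quarantined

SAMPLE_FLOWS = [  # constructed flow records
    Flow("10.20.0.15", "10.1.5.10", 8443),  # normal transaction traffic
    Flow("10.20.0.15", "10.1.7.22", 22),    # SSH between an ATM and an internal server
    Flow("10.1.9.3", "10.20.0.31", 5986),   # expected management session
    Flow("10.20.0.31", "10.20.0.15", 445),  # ATM-to-ATM traffic, never expected
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, evaluate(f))
    print("quarantine:", sorted(contain(SAMPLE_FLOWS)))
```

The SSH flow is blocked only because it is absent from the baseline, which is the property that lets this approach contain a tunnel like the one attributed to ATMitch above without identifying the malware first.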
Don’t let an ATM breach become a bank-wide disaster
ATMs may be simple, common machines, but they’re often deeply connected to a bank’s network. This makes them a high-risk entry point for cybercriminals.
As attacks become more sophisticated and harder to detect in real time, banks need to assume that breaches will happen and be ready to contain them fast.
With Illumio, banks can contain breaches at the source, stopping attackers from moving laterally across the network — even if the attack starts at an ATM. It’s a proactive, Zero Trust approach to security that helps banks protect what matters most: customer trust and financial stability.
Contact us today to learn more about how to contain breaches at your banking or financial services organization.