
ATM Hacks: A Hidden Cyber Threat to Bank Security

A few weeks ago, someone stole my debit card information, cloned my card, and drained cash from my account at an ATM hundreds of miles away. Since the transaction used a physical card and the correct PIN, my bank saw it as a legitimate withdrawal. That meant I had to fight to prove it wasn’t me.  

I never thought much about a bank’s ATM security. But gaps in it can create serious vulnerabilities for banks.

ATM attacks are on the rise. Hackers know that ATMs are another often-overlooked pathway to enter a bank’s network and cause havoc. Banks are a prime target for cybercriminals, and ATM attacks are just one of the many threats they face.

While banks are constantly improving security, no defense is perfect. That’s why breach containment is essential.

In this post, we’ll break down threats against ATMs and explore how Illumio can help banks contain breaches, even those that originate from ATMs.

How secure are ATMs?

ATM terminals have long been essentially specialized computers.

Traditionally, they’ve run Microsoft Windows operating systems. These versions of Windows are not the same as those used in consumer devices. They’re custom versions which are “hardened” for IoT environments.

Banks upgrade the operating systems on their ATM terminals on a regular basis to maintain updated security options in Windows. In fact, as of 2025, many banks are upgrading their ATMs to Windows 11 after news that Microsoft will be ending Windows 10 support soon.

Banks also rely on additional security solutions to encrypt data on customer bank cards and data in transit within their network. But what happens when attackers gain access to these machines and, through them, to a bank’s network?

Top threats targeting bank ATMs

Many of us know about the most common form of consumer ATM crime: skimmers.

ATM skimmers are devices placed over ATM keypads or card readers that can copy card numbers and PINs as customers use the machine.

This stolen data can then be used to:

  • Create counterfeit debit cards
  • Sell debit card data on the Dark Web
  • Extract cash from the victim’s account  

But beyond this common consumer security threat, banks also face cyber threats specifically designed for using ATMs to get into a bank’s internal network. Some recent examples:

  • ATMitch creates an SSH tunnel across the bank’s network which attackers use to remotely instruct the ATM to dispense cash at a given time. Cybercriminals never need to touch the ATM keyboard.
  • Tyupkin enables remote control over the ATM’s cash dispenser.
  • Ploutus uses SMS messages from smartphones to instruct ATM terminals to dispense cash.

These threats reveal vulnerabilities in banks’ internal networks. They spotlight why breach containment is so crucial for banking and financial services sector security.

How Illumio contains banking breaches

For decades, banks have used traditional prevention methods like firewalls to fight off cyberattacks. While preventing breaches is still important, it’s not enough.  

More recently, they’ve used a detect-and-response approach. But these tools lose precious time in the detection phase when abnormal payloads on a workload need to be distinguished from normal payloads. By the time a payload gets labeled malicious, it’s usually already spread throughout the network.

The bottom line is that breaches will happen. Banks need to be ready to contain them as quickly as possible.

Illumio Zero Trust Segmentation reverses the detect-and-response formula by containing threats that haven’t even been detected yet.  

Illumio detects data payloads being transferred between the bank’s network and ATMs that fall outside of expected baselines. If the traffic is suspicious, Illumio can immediately close the ports and contain the breach.

Illumio enables this without first needing to understand the malware’s nature or intention.  

This protects banks from threats spreading from ATMs to the rest of the network.  
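
The containment idea described above, reduced to a default-deny baseline check over flow records: anything touching the ATM segment that is not an expected ATM-initiated flow is contained, with no knowledge of the malware involved. This is an added example, not Illumio's code or API; the addresses, ports, baseline entries and function names are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Everything below is constructed for illustration: addresses, ports, names.
ATM_SEGMENT = ip_network("10.20.0.0/24")
BASELINE = [  # (destination network, port, protocol) an ATM is expected to reach
    (ip_network("10.1.5.10/32"), 8443, "tcp"),  # hypothetical transaction switch
    (ip_network("10.1.9.0/28"), 443, "tcp"),    # hypothetical patch/monitoring hosts
]

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str

def is_atm(addr: str) -> bool:
    return ip_address(addr) in ATM_SEGMENT

def in_baseline(flow: Flow) -> bool:
    """True only for ATM-initiated flows to an expected destination and port."""
    dst = ip_address(flow.dst)
    return is_atm(flow.src) and any(
        dst in net and flow.dport == port and flow.proto == proto
        for net, port, proto in BASELINE
    )

def evaluate(flows):
    """Split ATM-related flows into (allowed, contained); default is contain."""
    allowed, contained = [], []
    for flow in flows:
        if not (is_atm(flow.src) or is_atm(flow.dst)):
            continue  # flow does not touch the ATM segment
        (allowed if in_baseline(flow) else contained).append(flow)
    return allowed, contained

SAMPLE_FLOWS = [  # constructed flow records
    Flow("10.20.0.15", "10.1.5.10", 8443, "tcp"),  # ATM -> switch: expected
    Flow("10.20.0.15", "10.1.9.3", 443, "tcp"),    # ATM -> monitoring: expected
    Flow("10.3.7.44", "10.20.0.15", 22, "tcp"),    # inbound SSH to an ATM
    Flow("10.20.0.15", "10.20.0.16", 445, "tcp"),  # ATM -> ATM lateral traffic
    Flow("10.3.7.44", "10.1.5.10", 8443, "tcp"),   # not ATM-related: ignored
]

if __name__ == "__main__":
    ok, blocked = evaluate(SAMPLE_FLOWS)
    for f in blocked:
        print(f"CONTAIN {f.src} -> {f.dst}:{f.dport}/{f.proto} (outside baseline)")
```

The inbound SSH flow is contained because the baseline lists only ATM-initiated destinations, which is the property that matters for a tunnel like the one the ATMitch item describes.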

Don’t let an ATM breach become a bank-wide disaster

ATMs may be simple, common machines, but they’re often deeply connected to a bank’s network. This makes them a high-risk entry point for cybercriminals.

As attacks become more sophisticated and harder to detect in real time, banks need to assume that breaches will happen and be ready to contain them fast.

With Illumio, banks can contain breaches at the source, stopping attackers from moving laterally across the network — even if the attack starts at an ATM. It’s a proactive, Zero Trust approach to security that helps banks protect what matters most: customer trust and financial stability.

Contact us today to learn more about how to contain breaches at your banking or financial services organization.
