Apple Pay, ATMs and even traditional B2B financial-transfer systems will be the top targets of a new wave of payments-oriented cyberattacks in 2015, according to predictions by security vendor Kaspersky Labs.
As Apple Pay becomes more successful next year, it “will inevitably attract many cybercriminals looking to reap the rewards of these transactions,” the company said, despite Apple’s focus on security. That’s also likely to spill over into virtual wallets and other virtual payment systems, both in the U.S. and around the world.
“Whether social engineering the users, attacking the endpoints (cellphones in many cases), or hacking the banks directly, cybercriminals will jump all over directly monetized attacks and virtual payment systems will end up bearing the brunt,” Kaspersky’s analysts wrote.
Another major target will be ATMs, point-of-sale systems and public-transit ticket machines, many of which still run on the no-longer-supported Microsoft Windows XP. ATMs and ticket machines in particular have what Kaspersky calls “frail physical security,” and as ATM attacks escalate, thieves will likely attempt to use the machines to get into banking networks — and then manipulate other ATMs in real time.
But potentially even more attractive to thieves is the B2B payments space. “During a recent investigation, we discovered an attack in which an accountant’s computer was compromised and used to initiate a large transfer with a financial institution,” according to Kaspersky’s analysts.
Once attackers get access to the banks’ networks, they can siphon enough information to let them steal money directly from a bank in several ways, including remotely commanding ATMs to dispense cash, performing SWIFT transfers from various customers’ accounts, and manipulating online banking systems to perform transfers in the background.