According to Trend Micro, cybercriminals target banking staff with phishing emails. If a worker accesses the email, this allows the hacker to steal their identity. The hacker then uses the stolen digital credentials to enter the banking network where they begin to comb it for data on their target.
This is known as lateral movement. The hack is commonly seen in places where banks’ main networks and ATM networks are not separated. Once that data is acquired, the hacker gains access to ATMs. They then order machines to dispense so-called “jackpot” amounts of cash to standby mules, waiting to collect.