Comprehending Taiwan ATM Heist: From Cyber-attack Phases to Investigation Processes

Abstract

Cybercriminals increasingly use sophisticated tools and advanced methods to attack bank systems. Cyber black markets for hacking tools or services are gaining widespread attention as more advanced persistent threat attacks are relevant to such markets. The recent cyber-attacks on banks or financial institutions have increased the technical expertise of cybercriminals. This study reviews ATM threats and highlights the cybercrime investigation of ATM heist. An incident investigation strategy from ISO/IEC 27043:2015 is proposed to embed cyber-attack phases and detect ATM heist. It demonstrates how this strategy can provide investigators with exceptional abilities to interpret evidence. By integrating an effective cybercrime investigation strategy, investigators can minimize the cost of collecting evidence in a forensically sound manner.