This in-depth article by Kim Zetter of Wired magazine gives details of some attacks against bank ATM networks. Kim describes, in detail, how a well-known (and fixable for over 2 years now) SQL vulnerability was used to gain access to the inside of the bank's network. Once inside, the attack switched to some very advanced techniques, including reverting to older software versions to get around security precautions rolled out on the bank's HSM ("An HSM is a tamper-resistant box that sits on bank networks to provide a secure environment for encryption and decryption of PINs as card transactions pass from ATM or retail cash register to the card issuer for authentication."). Once inside this device, the attacker used a RAM scraper to grab the briefly unencrypted data before it was re-encrypted for forwarding on. Amazing stuff.

The article then goes on to discuss various attacks on POS and other systems where a third-party vendor failed to change the default admin password on a system and the attackers simply walked through the front door.

The moral of the story is, of course, keep an eye on your network perimeter and don't take it for granted that all is well. Scan often!

Read the full article on Wired.com here. Well worth the 10-minute investment.