For remote attacks what usually happens is the malicious actor will first get access to a banks network and from there pivot to the ATMs. Often times they have some remote tool to shoot off commands and so forth. The malware itself is rather basic and easy to understand-the security layer once remotely accessed is rather moot. Depending on the malware strain they can than program the ATM to be “cashed out” during certain time or even if certain cards will be inserted.
