Hackers are remotely using malicious software to force cash machines across Europe and Asia to spew out wads of money, according to a new report from Russian cyber security firm Group IB.
The Cobalt hacker group has used the “touchless jackpotting” technique, which involves no physical manipulation of ATMs, to target cash machines owned by major banks in at least 14 countries, including the Netherlands, Poland, Spain, Russia, Malaysia and the UK.
Banks’ systems are infected with tools that can be easily accessed by members of the general public, in a hacking method that allows gangs to take control of banking networks in as little as 10 minutes. Group IB declined to name the financial institutions that have been targeted by the gang.
The heists are triggered from remote command centres which target multiple cash machines on a bank’s network. Once machines have been compromised and have started to automatically dispense notes, “money mules” move into to grab the cash and make a run for it. The hacking group is believed to have stolen millions of euros.
Dmitry Volkov, Head of the Investigation Department and the Bot‑Trek Intelligence service at Group IB, commented: “Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being ‘on the radar’ of security services.
“That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly.”
ATM makers NCR and Diebold Nixdorf told Reuters they were aware of the threat. Diebold Nixdorf’s Senior Director of Core Software and ATM Security Nicholas Billett told the news agency the gang targets as many machines as possible at the same time as its leaders know their attacks will be picked up by staff relatively quickly.
Security experts have noted that hackers are increasingly targeting electronic payment networks in similar strikes all over the world. Back in July, authorities in Taiwan suspected that two Russians had managed to steal some T$70 million (€2.07 million) after hacking into ATM machines using their smartphones. In September, police in London arrested a 30-year-old Romanian man suspected of being part of an ATM hacking gang responsible for stealing £1.5 million (€1.75 million) from cash machines around the UK.
The FBI has warned banks in the US they could fall victim to similar attacks, announcing in a bulletin that it had been “monitoring emerging reports indicating that well-resourced and organised malicious cyber actors have intentions to target the U.S. financial sector”.