A hacker group called Cobalt targeted ATMs across Europe in "smash and grab" operations. The hackers are reported to have remotely attacked ATMs using malicious software, which manipulated the systems to dispense cash.
Two of the biggest global ATM manufacturers, NCR and Diebold Nixdorf, said they were aware of the attacks and were working with customers in efforts to mitigate the threat. The targeted countries include Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, the United Kingdom, and Malaysia, according to Russian cybersecurity firm Group IB.
"They are taking this to the next level in being able to attack a large number of machines at once," said Nicholas Billett, Diebold Nixdorf's senior director of core software and ATM Security. "They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down."
Work of organised cybercrime syndicate?
Group IB researchers believe that Cobalt is linked to a well-known cybercrime syndicate called Buhtrap, which stole over 1.8m roubles ($28m) from Russian banks between August 2015 and January 2016. Researchers noted several similarities in the use of tools and techniques between Cobalt and Buhtrap. However, Buhtrap stole money via fraudulent wire transfers and not ATM jackpotting (a term referred to forcing ATMs to spit out cash).
"What we are seeing demonstrated is the new model of organized crime," said independent security consultant Shane Shook, who helps banks and governments investigate cyberattacks and reviewed Group IB's findings.
Earlier in the month, the FBI reportedly sent private alerts to US banks, cautioning them to remain on the lookout for ATM attacks, following the recent high-profile ATM cyberheists.
"We have been working actively with customers, including those who have been impacted, as well as developing proactive security solutions and strategies to help prevent and minimise the impact of these attacks," said Owen Wild, NCR's global marketing director for enterprise fraud and security.
The disclosures about the latest hacking spree follow similar ATM hacks in Taiwan and Thailand, which saw hackers steal over £260,000 from Thailand's Government Savings Bank (GSB).