Skip to main content
  1. Home
  2. Computing
  3. News

Hackers are targeting ATMs and stealing wads of cash

By

hackers atm attacks hack
Peggy_Marco/Pixabay
Hackers are targeting ATMs with malicious software that forces the machines to spew out cash, according to a new report from a cybersecurity firm.

Group IB said has it discovered a hacker group called Cobalt that had attacked ATMs in more than a dozen countries in Europe and Asia, including the U.K. and Russia. The “smash and grab” attacks were coordinated from unknown command centers. They don’t require any physical tampering of the ATMs but the hackers do need someone to be present when the attack happens so they can collect the wads of cash from the ATM.

Recommended Videos

No banks have been named but ATM manufacturers Diebold Nixdorf and NCR Corp have stated that they are aware of the attacks and are working with banks to add new protections.

Please enable Javascript to view this content

Nicholas Billett, head of Diebold Nixdorf’s ATM security, said the hackers have gone to the “next level” by attacking huge numbers of ATMs at the same time: “They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.”

Related

Several other countries were named as victims in Group IB’s report such as the Netherlands, Spain, Malaysia, and Moldova with more attacks predicted in the future if banks and ATM makers don’t take action.

“Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being ‘on the radar’ of security services,” said Dmitry Volkov, Group IB’s head of investigation.

Volkov added that the malware used in these attacks isn’t particularly sophisticated and can be easily acquired on the deep web.

In its last report, EU law enforcement agency Europol warned that remote ATM attacks will “evolve and proliferate.”

Different kinds of ATM attacks aren’t new but have become more prevalent, and include skimmers that have been physically installed on machines to steal info off cards. Earlier this year, a bank in Taiwan suspended withdrawals after more than $2 million was allegedly stolen from ATMs using malware.

This marks a significant move for cybercriminals who are finding new ways to pilfer cash. Stealing credit card numbers is one thing but in February we saw hackers steal a staggering $81 million from the Bangladesh central bank. They targeted vulnerabilities in SWIFT, the global banking industry’s messaging network. And now the financial sector has remote ATM hacking to worry about, too.

Editors’ Recommendations

Topics
Jonathan Keane
Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Hackers may have stolen the master key to another password manager
Open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more
FBI disables Russian malware operation targeting foreign governments
An Illustration shows a programmer busy with a laptop and several monitors.

The FBI says it has disrupted a long-running malware operation that allowed Russian spies to steal sensitive information from numerous countries, including NASA-member governments, prominent journalists, and other targets deemed to be of interest to the Russian government.

The court-authorized operation, codenamed MEDUSA, disrupted a global peer-to-peer network of computers compromised by sophisticated malware called “Snake,” described by the U.S. Department of Justice (DOJ) as the "premier cyberespionage malware" of Russia's Federal Security Service (FSB). Officials said the malware was knocked offline at the start of this week.

Read more