ATM cybergang linked to attacks across Europe
A cybergang has been hacking the computer systems of European and Asian banks and forcing ATMs to spew out cash, warns security outfit Group IB. The Cobalt gang has hit unnamed banks in at least 14 countries, including Russia, the UK and Malaysia, says Group IB.
The crooks use a technique called ‘touchless jackpotting’ which sees them infect computer systems so that they can make ATMs spit out cash without having to manipulate the actual machines. Instead, money mules simply wait to collect the money.
ATM manufacturers NCR and Diebold Nixdorf say that they are aware of the threat. The latter’s Nicholas Billett tells Reuters: “They [the crooks] know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.”
This summer banks across Taiwan briefly suspended cash withdrawals from their Wincor Nixdorf ATMs after one, First Bank, revealed that crooks have stolen more than US$2 million from its machines, probably in a jackpotting operation.
Soon after police in Thailand issued a warrant for the arrest of a Russian man wanted in connection with a $350,000 jackpotting malware attack on cash machines belonging to state-run Government Savings Bank.
Dmitry Volkov, Group IB, says: “Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being ‘on the radar’ of security services.”