Hackers are using malicious software to target cash machines
The software forces machines to dispense cash remotely
Cyber criminals are using malicious software to hack into cash machines in countries across the world, forcing them to dispense cash to other criminals remotely.
The hack was discovered by Russian cyber security firm Group IB and has apparently been happening for the last five years, the company's research has revealed.
The first cash machines targeted were discovered in Taiwan and Thailand, but it seems attacks have been happening more regularly in Europe now too. They have increased in frequency too. Originally, hackers were only able to target small numbers of ATMs because they needed an accomplice to visit the cash machines to remove the money they were spitting out.
The commands were sent from centres in Asia and Europe, situated in remote locations to make the criminals hard to catch, with actors on the ground to snatch the sums of cash when it was dispensed. However, they've now become much larger-scale attacks as the criminal community has become aware of the hack.
"They are taking this to the next level in being able to attack a large number of machines at once," said Nicholas Billett, Diebold Nixdorf's senior director of core software and ATM Security. "They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down."
ATMs in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, Britain and Malaysia have all been targeted using these "smash and grab" attacks and although banks are now wising up to the cyber attack, they are likely to continue until the software can be intercepted.
"We have been working actively with customers, including those who have been impacted, as well as developing proactive security solutions and strategies to help prevent and minimize the impact of these attacks," Owen Wild, NCR's global marketing director for enterprise fraud and security said.
The extent of the attacks can be seen in Group IB's research. It revealed $2.5 million was stolen from Taiwan's First Bank and $350,000 was taken from Thailand's Government Savings Bank in July.
Application security fallacies and realities
Web application attacks are the most common vulnerability, so what is the truth about application security?Download now
Your first step researching Managed File Transfer
Advice and expertise on researching the right MFT solution for your businessDownload now
The KPIs you should be measuring
How MSPs can measure performance and evaluate their relationships with clientsDownload now
Life in the digital workspace
A guide to technology and the changing concept of workspaceDownload now