It is every consumer’s dream to find an ATM spitting out cash like a winning slot machine, and it seems that hackers in Eastern Europe have figured out how to make that a reality.
As outlined by Russian security firm Group IB, the hackers are linked to the Buhtrap crew, which stole $28 billion from Russian banks between August 2015 and January 2016, according to Reuters. But while Buhtrap looted ATMs via fraudulent wire transfers, the ATM scammers reportedly use a less hands-on method: “touchless jackpotting.”
The remote hack works from anywhere in the world, robbing banks in as little as 10 minutes. The hackers reportedly use a penetration testing tool known as Cobalt Strike, which lets them access servers that control ATMs via bank PCs infected by malicious emails. Accomplices then wait by the targeted ATMs and scoop up the cash as it spits out of the machine.
The hackers reportedly hit financial institutions in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Malaysia, Moldova, the Netherlands, Poland, Romania, Russia, Spain, and the UK. Group IB did not reveal which banks were targeted.
Global ATM manufacturers Diebold Nixdorf and NCR confirmed to PCMag that they are “familiar” with these types of breaches.
“ATM attacks are becoming more complex and sophisticated as hackers dedicate more time to attacking infrastructure,” an NCR spokeswoman said in a statement. “Securing one’s infrastructure and endpoints is a never-ending and extremely important task that does not depend on the region or attack type.”
Diebold Nixdorf, meanwhile, claims there is “no indication to us that this group of fraudsters is active in Europe or the Americas.”
But that doesn’t mean they won’t be. “Logical attacks on ATMs are expected to become one of the key threats targeting banks,” according to Dmitry Volkov, head of the Group IB investigation department.
“They enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being ‘on the radar’ of security services,” he said in a statement. “This type of attack does not require development of expensive advanced software—a significant amount of the tools used are widely available on the deep Web.”
As the Wall Street Journal reports, the FBI recently warned US banks to look out for potential attacks, following incidents in Taiwan and Thailand over the summer.
“Every bank is under threat of logical attacks on ATMs and should be protected accordingly,” Volkov added.