Imagine walking down the street, only to notice an ATM spewing money out of its slots and into a bag held by a shady-looking character, and not in a video game.
A cybergang has been hacking the computer systems of European and Asian banks and forcing ATMs to spew out cash, warns security outfit Group IB.
In at least 14 countries including Russia, the UK, the Netherlands and Malaysia, hackers are using a program dubbed Cobalt to conduct remote logical attacks on ATMs. These attacks cause the ATM to empty itself into the waiting hands of an accomplice who only needs to show up at the appropriate time.
As the attacks are conducted remotely, the mule may have only the slightest connection to the hackers who compromised the banking system, which makes them very hard to catch.
The Cobalt gang has hit unnamed banks in at least 14 countries, including Russia, the UK and Malaysia, says Group IB.
This technique, called ‘touchless jackpotting’, sees them infect computer systems so that they can make ATMs spit out cash without having to manipulate the actual machines. Instead, money mules simply wait to collect the money.
ATM manufacturers NCR and Diebold Nixdorf say that they are aware of the threat. The latter’s Nicholas Billett tells Reuters: “They [the crooks] know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.”
This summer, banks across Taiwan briefly suspended cash withdrawals from their Wincor Nixdorf ATMs after one, First Bank, revealed that crooks had stolen more than US$2 million from its machines, probably in a jackpotting operation.
Soon after, police in Thailand issued a warrant for the arrest of a Russian man wanted in connection with a $350,000 jackpotting malware attack on cash machines belonging to state-run Government Savings Bank.
Dmitry Volkov, Group IB, says: “Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being ‘on the radar’ of security services.”