Hackers are using malicious software to target cash machines

The software forces machines to dispense cash remotely

Cyber criminals are using malicious software to hack into cash machines in countries across the world, forcing them to dispense cash to other criminals remotely.

The hack was discovered by Russian cyber security firm Group IB and has apparently been happening for the last five years, the company's research has revealed.

The first cash machines targeted were discovered in Taiwan and Thailand, but it seems attacks have been happening more regularly in Europe now too. They have increased in frequency too. Originally, hackers were only able to target small numbers of ATMs because they needed an accomplice to visit the cash machines to remove the money they were spitting out.

The commands were sent from centres in Asia and Europe, situated in remote locations to make the criminals hard to catch, with actors on the ground to snatch the sums of cash when it was dispensed. However, they've now become much larger-scale attacks as the criminal community has become aware of the hack.

“They are taking this to the next level in being able to attack a large number of machines at once,” said Nicholas Billett, Diebold Nixdorf’s senior director of core software and ATM Security. “They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down."

ATMs in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, Britain and Malaysia have all been targeted using these "smash and grab" attacks and although banks are now wising up to the cyber attack, they are likely to continue until the software can be intercepted.

"We have been working actively with customers, including those who have been impacted, as well as developing proactive security solutions and strategies to help prevent and minimize the impact of these attacks," Owen Wild, NCR's global marketing director for enterprise fraud and security said.

The extent of the attacks can be seen in Group IB's research. It revealed $2.5 million was stolen from Taiwan's First Bank and $350,000 was taken from Thailand's Government Savings Bank in July.

Source: IT Pro