REVEALED: Hackers target ATMs across Europe: Fourteen countries including Britain are affected as cyber security threat grows

Next Story

ARMTI proposes Cassava leaves as cattle feed, says it could reduce herdsmen, farmers clashes

Cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe this year,

3aa4fc9b00000578-3958356-image-a-1_1479801475449

The cyber criminals are using malicious software that forces machines to spit out cash, according to Russian cyber security firm Group IB.

The newly disclosed heists across Europe follow the hacking of ATMs in Taiwan and Thailand that were widely reported over the summer.

Cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe this year, using malicious software that forces machines to spit out cash, according to Russian cyber security firm Group IB. Stock image

Cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe this year, using malicious software that forces machines to spit out cash, according to Russian cyber security firm Group IB. Stock image

WHO IS AFFECTED?

Cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe this year.

Group IB declined to name banks that were ‘jackpotted,’ a term used to describe forcing ATMs to spit out cash.

But the group said the victims were located in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, Britain and Malaysia.

The newly disclosed heists across Europe follow the hacking of ATMs in Taiwan and Thailand that were widely reported over the summer.

A February attack on servers at Bangladesh’s central bank that controlled access to the SWIFT messaging system yielded more than $81 million (£64.95 million) in one of the biggest digital heists on record.

Russian banks lost over $28 million (£22.5 million) in a series of wire-fraud cases that were identified earlier this year.

Diebold Nixdorf and NCR Corp, the world’s two largest ATM makers, said they were aware of the attacks and have been working with customers to mitigate the threat.

Although cyber criminals have been attacking cash machines for at least five years, the early campaigns mostly involved small numbers of ATMs because hackers needed to have physical access to cash out machines.

READ Archive:   Saraki touches base with Buhari, Tinubu as CCT fixes date for trial

The recent heists in Europe and Asia were run from central, remote command centres, enabling criminals to target large numbers of machines in ‘smash and grab’ operations that seek to drain large amounts of cash before banks uncover the hacks.

‘They are taking this to the next level in being able to attack a large number of machines at once,’ said Nicholas Billett, Diebold Nixdorf’s senior director of core software and ATM Security.

‘They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.’

Group IB declined to name banks that were ‘jackpotted,’ a term used to describe forcing ATMs to spit out cash, but said the victims were located in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, Britain and Malaysia.

Dmitry Volkov, head of threat intelligence with Group IB, told Reuters he expects more heists on ATMs.

Hackers have moved from stealing payment card numbers and online banking credentials to more lucrative hacks on bank networks, giving them access not only to ATM machines, but also to electronic payment networks.

A February attack on servers at Bangladesh’s central bank that controlled access to the SWIFT messaging system yielded more than $81 million (£64.95 million) in one of the biggest digital heists on record.

Hackers have moved from stealing payment card numbers and online banking credentials to more lucrative hacks on bank networks, giving them access not only to ATM machines, but also to electronic payment networks. Stock image

Hackers have moved from stealing payment card numbers and online banking credentials to more lucrative hacks on bank networks, giving them access not only to ATM machines, but also to electronic payment networks. Stock image

THE INCREASE IN CYBER ATTACKS ON ATMS

Although cyber criminals have been attacking cash machines for at least five years, the early campaigns mostly involved small numbers of ATMs because hackers needed to have physical access to cash out machines.

READ Archive:   Bisi Alimi comes for Pastor Adeboye for buying a private jet

The recent heists in Europe and Asia were run from central, remote command centres, enabling criminals to target large numbers of machines in ‘smash and grab’ operations that seek to drain large amounts of cash before banks uncover the hacks.

Hackers have now moved from stealing payment card numbers and online banking credentials to more lucrative hacks on bank networks.

This gives them access not only to ATM machines, but also to electronic payment networks.

Russian banks lost over $28 million (£22.5 million) in a series of wire-fraud cases that were identified earlier this year.

‘What we are seeing demonstrated is the new model of organised crime,’ said Shane Shook, an independent security consultant who helps banks and governments investigate cyber attacks and reviewed Group IB’s findings.

Diebold Nixdorf and NCR both said they had provided banks with information on how to thwart the new types of attacks.

‘We have been working actively with customers, including those who have been impacted, as well as developing proactive security solutions and strategies to help prevent and minimize the impact of these attacks,’ said Owen Wild, NCR’s global marketing director for enterprise fraud and security.

Disclosure of the campaign follows two ATM hacks in July: $2.5 million (£2 million) was stolen from Taiwan’s First Bank and $350,000 (£280,000) from Thailand’s state-run Government Savings Bank.

Hackers remotely infected ATMs at both banks, forcing them to spit out cash that was collected by teams of ‘money mules,’ who authorities say traveled to Asia from Eastern Europe.

The US Federal Bureau of Investigation earlier this month sent a private alert to American banks, warning them to be on the lookout for attacks on ATMs following the heists in Taiwan and Thailand, the Wall Street Journal reported on Monday.

Group IB released a report describing its findings late on Monday, saying it believed the attacks across Europe were conducted by a single criminal group which it dubbed Cobalt.

READ Archive:   Landlord arraign in court over alleged assault on couple while sleeping in Lagos

It named them after a security-testing tool known as Cobalt Strike, which the perpetrators used in the heists to help them move from computers in the bank network that were infected with tainted emails to specialized servers that control ATMs.

Group IB believes that Cobalt is linked to a well-known cyber crime gang dubbed Buhtrap, which stole 1.8 billion rubles ($28 million/£22.45 million) from Russian banks from August 2015 to January 2016, because the two groups use similar tools and techniques.

Members of the group, which works to improve ATM security, include ATM maker Diebold Nixdorf as well as banks ABN Amro, Bank of America Corp, Royal Bank of Scotland Group and Wells Fargo & Co..

Representatives of Europol, which coordinates investigations of cyber crimes across Europe, had no immediate comment.

In a recent study, a team from Johns Hopkins University performed wireless network penetration testing on a popular hobby drone and developed ‘exploits’ from the vulnerabilities found to disrupt the process of operators to control flights.

In the first successful exploit, the team attacked the drone with about 1,000 wireless connection requests, one right after another, each one asked to take control of the airborne device.

This event overloaded the vehicle’s central processing unit and ultimately caused it to shut down –sending it into what the team calls ‘an uncontrolled landing’.

During the second exploit, the students sent the drone a massive data packet that exceeded the capacity of the buffer inside the aircraft’s flight application – this caused the drone to crash.

And the final exploit forced the drone to make an emergency landing.

Researchers repeatedly sent a fake digital packet from a laptop to the drone’s controller, telling it that the packet’s sender was the drone itself.

Eventually, the drone’s controller started to ‘believe’ it and severed contact with itself.

2 thoughts on “REVEALED: Hackers target ATMs across Europe: Fourteen countries including Britain are affected as cyber security threat grows

Leave a Reply

Your email address will not be published. Required fields are marked *