ATMs in Romania, Spain, the UK, and the Netherlands targeted

Nov 22, 2016 09:05 GMT  ·  By

A hacker group known as Cobalt is believed to be behind a series of attacks targeting ATMs in Europe with malicious software that causes the machines to spit out cash.

Russian cybersecurity firm Group IB explains that the attacks were performed remotely and impacted cash machines in countries such as Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, the United Kingdom, and Malaysia.

ATM manufacturers NCR and Diebold Nixdorf have already confirmed the attacks, but declined to disclose the name of the banks that were affected.

According to a report from Reuters, these attacks were launched on European and Asian ATMs from a single remote command center, whose purpose is to trick ATMs into dispensing cash before the banks notice the attacks and block them. All attacks are performed at the same time on several targets, security experts told the source.

“They are taking this to the next level in being able to attack a large number of machines at once. They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down,” Nicholas Billett, senior director of core software and ATM Security at Diebold Nixdorf, explained.

Attacks possibly linked to larger criminal group

Hacking group Cobalt is believed to be part of a larger organization known as Buhtrap and which is responsible for attacks carried against Russian banks between August 2015 and January 2016. Group IB says these previous attacks allowed the hackers to steal as much as $28 million from Russian banks using fraudulent wire transfers.

NCR and Diebold Nixdorf both claim that a new series of attacks is likely to launch in the coming weeks and months, so the two companies are working on blocking them together with banks that might be affected.

“We have been working actively with customers, including those who have been impacted, as well as developing proactive security solutions and strategies to help prevent and minimize the impact of these attacks,” explained Owen Wild, NCR's global marketing director for enterprise fraud and security.

Neither the Europol, which investigates cybercrimes on the Old Continent, nor the ATM Security Association offered statements on these attacks, but investigations are most likely already under way behind the closed doors.