Cobalt– a hacking group have found to be behind a series of attacks targeting ATMs in Europe with malicious software that causes the machines to spit out cash. The FBI has warned U.S. banks of the potential for similar ATM jackpotting attacks.
According to Russian cyber security firm Group-IB, the attacks were performed remotely and impacted cash machines in countries such as Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, the United Kingdom, and Malaysia. The world’s two largest ATM manufacturers, Diebold Nixdorf and NCR Corp., said they were aware of the ATM attacks and had already been working with their customers to mitigate the threat.
Nicholas Billett, senior director of core software and ATM Security at Diebold Nixdorf, explained: They are taking this to the next level in being able to attack a large number of machines at once. They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.
All these attacks were launched on European and Asian ATMs from a single remote command center, whose purpose is to trick ATMs into dispensing cash before the banks notice the attacks and block them. It is also found that all attacks are performed at the same time on several targets.
Hacking group Cobalt is believed to be part of a larger organization known as Buhtrap and which is responsible for attacks carried against Russian banks. Over 1.8 Billion rubles ($28 Million) were stolen by these hackers from Russian banks between August 2015 and January 2016.