Cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe this year using malicious software that forces machines to spit out cash, according to Russian cyber security firm Group IB.
Diebold Nixdorf and NCR Corp, two of the world's biggest ATM makers, said they were aware of the attacks and have been working with customers to mitigate the threat. The newly disclosed heists across Europe follow hacks of ATMs in Taiwan and Thailand, which were widely reported over the summer.
Group IB declined to name banks that were "jackpotted," a term used to describe forcing ATMs to spit out cash, but said the victims were located in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, the United Kingdom and Malaysia.
Dmitry Volkov, head of threat intelligence with Group IB, told Reuters that he expects more heists on ATMs.
Hackers have moved from stealing payment card numbers and online banking credentials to more lucrative hacks on bank networks, giving them access not only to ATM machines, but also to electronic payment networks.
News that makes sense
Your trusted source for staying up-to-date with the world around you. Get free daily news updates and analysis, straight to your inbox.
A February attack on servers at Bangladesh's central bank that controlled access to the SWIFT messaging system yielded more than $US81 million ($A110 million) in one of the biggest digital heists on record. Russian banks lost over $US28 million in a series of wire-fraud cases that were identified earlier this year.
"What we are seeing demonstrated is the new model of organised crime," said Shane Shook, an independent security consultant who helps banks and governments investigate cyber attacks and reviewed Group IB's findings.
