Hacking group with long history in banking attacks has been reported to cause infections to ATM machines, allowing them to rig the machines to directly spit cash on the street. All the crooks had to do is stay in front of the machine and take the cash.
The FBI has warned banks in the U.S. to be on the lookout, but the ATM theft technique, called “jackpotting” is also spread in countries, like:
- The Netherlands.
- The U.K.
The manufacturers of ATM machines DN and NCR have so far not provided information as to which banks were affected by their devices.
Reuters also reports that such attacks were launched from a remote C&C (Command and Control) servers. What Is believed is that the hackers gain access to the key networks directly controlling the ATM machines and then they begin to dispense the cash simultaneously, before anyone notices and blocks them from the banks’ side.
Cobalt Hacking Group Believed to Be Responsible
Many experts link these attacks to a hacking group with long criminal history related to such attacks. The Cobalt group is the one which was behind the attacks conducted in Russian banks in 2015 and 2016 of a very similar character. This group used wire transfers that were somewhere in the range of millions.
The ATM Hack Saga Continues
The main companies behind the hacked ATMs also report that it is very likely for more attacks to be seen launching in the near future and they are working together with banks to cooperatively block future cyber-heists.
When it comes to the government, the Europol does not have any statements regarding the attacks which most likely means that they are conducting an active investigation on the matter.
The two companies who produced the ATM have reportedly coordinated with banks to exchange information on how to block any future attacks on their devices if they are detected.
Not only this, but security organizations and government agencies who have looked into the matter, believe that Cobalt is not the only suspect and there is also a big Russian ATM hacking group that many refer to as Buhtrap and they could have something to do with the ATM malware itself.