Cyberattack sees ATMs spitting out cash throughout Europe

23 Nov 2016

Image: totojang1977/Shutterstock

Security firm Group-IB pins the latest wave of ATM cyberattacks firmly on a group called Cobalt, blaming it for a series of attacks throughout Europe.

Malware installed on ATM machines, forcing them to spit out cash: A modern Robin Hood story, stealing from the rich and giving to the poor.

Or, not so much. A wave of cyberattacks on ATMs across 14 countries has seen machines stripped of fortunes, as hackers hone their skills.

A step up from previous ATM attacks, what Group-IB discovered was a far more professional project with more manual hits.


Whereas previously many ATM cyberattacks saw criminals needing tangible access to the machines, now a centralised, coordinated hack is doing most of the dirty work.

“They are taking this to the next level in being able to attack a large number of machines at once,” said Nicholas Billett, senior director of core software at Diebold Nixdorf, one of the world’s largest manufacturers of ATMs.

“They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down,” he said to Reuters.

According to Group-IB’s report on the situation, ATMs in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia, Spain, Britain and Malaysia were hit.

In a separate, unrelated attack earlier this month, over one-quarter of Tesco’s UK bank accounts were hacked – worse still, almost one in seven accounts had money stolen from them.

All of its customers were blocked from making any online transactions following the hack, the first ever to see a British bank’s customers lose money, while the mess was cleaned up.

Meanwhile in Ireland, the Central Bank recently issued guidance on IT risk management and cybersecurity for financial services firms. These are key concerns for the bank, given their potential impact on firms and their customers, and the risks for financial stability.

The FBI has warned US banks to be on alert in the wake of unrelated Taiwan and Thailand hits during the summer. The latest ATM attacks, though, are clearly more widespread.

Gordon Hunt was a journalist with Silicon Republic