Malware is making ATMs ‘spit cash’

money coming out of ATM

A Russian cybersecurity firm has issued a warning about a spate of remotely coordinated attacks on cash machines.

Hacks of banks’ centralised systems had made groups of machines issue cash simultaneously, a process known as “touchless jackpotting”, said Group IB. The machines had not been physically tampered with, it said, but “money mules” had waited to grab the cash.

Affected countries are said to include Armenia, Estonia, the Netherlands, Poland, Russia, Spain and the UK. But the company declined to name any specific banks.

Dmitriy Volkov from Group IB told the BBC a successful attack could net its perpetrators up to $400,000 (£320,000) at a time. “We have seen such attacks in Russia since 2013,” he said.

“The threat is critical. Attackers get access to an internal bank’s network and critical information systems. That allows them to rob the bank.”

Two cash machine manufacturers, Diebold Nixdorf and NCR Corp, told Reuters they were aware of the threat. “They are taking this to the next level in being able to attack a large number of machines at once,” said senior director Nicholas Billett, from Diebold Nixdorf.

“They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.”