Just like in the movies, cash is being issued on demand from machines controlled by hackers.
A Russian cyber security firm has issued a warning about a spate of remotely coordinated attacks on cash machines.
Centralized banking system gave hackers the ability to make machines issue cash at the same time or whichever they prefer. This was determined by Security Group IB and is referred to as “touch-less jackpotting”.
Here is where it gets really interesting. The machines have not been physically tampered in any way but “money mules” were able to wait and grab the cash.
Affected countries are said to include Armenia, Estonia, the Netherlands, Poland, Russia, Spain and the UK.
Security Group IB declined to name any specific banks.
Dmitriy Volkov from Group IB told the BBC a successful attack could net its perpetrators up to $400,000 (£320,000) at a time.
“We have seen such attacks in Russia since 2013,” he said.
“The threat is critical. Attackers get access to an internal bank’s network and critical information systems. That allows them to rob the bank.”
This is a major attack on ATM machines and the manufacturers should be aware of these. It has been confirmed that Diebold Nixdorf and NCR Corp are aware of the situation.
Just like in the movies, in real life, they may be able to take it to the next level. If they can scale up their attacks even more, we are really in trouble.
“They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down.”
If they can do this region-wide or country-wide, imagine how much damage to the economy of the targeted country.
Right now, most of the cash stolen from ATM machines are due to “skimming”.
There are ATM related theft due to skimming and there are malware related ones that are on the rise.
If these malware are able to gain access to the banks’ central system, it can infect the whole network of banks and ATM machines which makes the amount of money that can be stolen even bigger.
It would be hard to track the criminals since cash is being collected in person and it leaves no data trail. If you caught the mule, there would be no guarantee that you would find the cyber crooks.