And finally…cash-spitting ATMs blamed on hacking gang’s remote malware attacks
A security firm has blamed a computer criminal collective for targeting ATMs across Europe with malware that makes them spit out cash.
In a report, the Russian security firm Group-IB names Cobalt Group as the most likely hacking gang behind a series of attacks that compromised ATMs in 14 countries, including the Netherlands, Poland, Romania, Russia, Spain, and the UK.
Group-IB based the name it has given the hacking gang on “Cobalt Strike,” a penetration testing tool which helped the attackers leverage banking computers infected by malicious emails to access specialised servers controlling ATMs.
From those compromised servers, security experts claim the Cobalt gang conducted what are known as “touchless jackpotting” attacks.
The group essentially commanded the target ATMs to spit out cash, but it did so without physically manipulating the machine’s terminals.
Everything was done remotely in a logical (i.e. malware), not a physical, attack on a financial organisation’s banking network which could have taken just 10 minutes in each case.
Not much is yet known about the shadowy Cobalt Group but, according to Reuters, Group-IB thinks the group is connected to another computer criminal group called Buhtrap, based upon the two collectives’ use of similar tools and techniques.
Buhtrap stole 1.8 billion rubles ($28 million) from Russian banks from August 2015 to January 2016. It is believed to have done so using fraudulent wire transfers and not logical attacks.
Dmitry Volkov, head of the investigation department and the Bot‑Trek Intelligence service, is concerned about the growing threat malware poses to banks and has urged financial businesses to upgrade their defences against such attacks.
He said: “Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being ‘on the radar’ of security services. That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly.”
Banks are being advised to protect themselves against malware attacks by placing their ATMs inside a building that’s in full view of a security camera, and also to train staff to identify threats like malicious email attachments, which it is believed Cobalt used to exploit Microsoft Word vulnerabilities to gain a foothold in a bank’s network.
If employees know how to spot suspicious emails, a group like Cobalt won’t be able to access a bank’s ATM servers.


