Police across Europe have arrested 27 people in connection with a spate of so-called ATM black box attacks.
Supported by Europol, law enforcement agencies in the Czech Republic, Estonia, France, the Netherlands, Norway, Romania and Spain took part in the operation, which targeted criminals responsible for this new and highly-sophisticated form of ATM jackpotting.
Black box attacks involve hackers taking control of cash machine controllers and forcing them to dispense bank notes.
Attackers typically connect an unauthorised device to an ATM after drilling holes in its casing.
They are then able to direct the machine to dispense all of the cash it holds.
Losses can be significant, sometimes amounting to hundreds of thousands of euros, depending on how much money a machine holds.
In a statement, Europol said the phenomenon was first detected in Western Europe in 2015, but that most of the arrests related to offences that took place in 2016 and 2017.
Steven Wilson, Head of Europol’s European Cybercrime Centre, said: “Our joint efforts to tackle this new criminal phenomenon resulted in significant arrests across Europe.
“However, the arrest of offenders is only one part of stopping this form of criminality. Increasingly we need to work closely with the ATM industry to design out vulnerabilities at source and prevent the crime taking place.
“This industry and law enforcement cooperation combined with the work with banks and prosecutors can make a major difference in stopping this growing form of crime.”
Europol said the majority of the perpetrators behind ATM black box attacks typically come from countries such as Moldova, Romania, Russia and Ukraine.
A report published last month by the European ATM Security Team (EAST) revealed that organised criminals carried out black box attacks in ten reporting countries last year.
The study found 58 attacks were reported to its members last year, compared with just 15 in 2015, representing a 287% increase in incidents of the offence.
Total losses linked with overall ATM-related fraud rose 2% in 2016 compared with the previous year, rising from €327 million to €332 million.
EAST Executive Director Lachlan Gunn said: “While the rise in ATM black box attacks is a concern, we are pleased to note that many of these attacks were not successful.”
In April, Russian anti-virus firm Kaspersky Lab revealed it had discovered a new form of self-deleting malware that hackers were using to force ATMs to dispense cash on command.
Dubbed ATMitch, the malware was said to have been installed and executed remotely on a number of banks’ systems, perhaps having been downloaded by employees in phishing attacks.
One institution in Russia lost €750,000 in a single night after hackers used the virus to empty its cash machines before deleting itself almost without trace.