Cashpoints are being raided by cyber criminals using a new hack
Cyber-criminals are expanding out from the online world and into the high street, according to a new report.
Hackers are increasingly moving to attack real-world targets alongside their usual online victims, with banks and other financial institutions among the first hit.
But far from the typical high-street robbery, it seems that these hackers are instead using their technical knowledge to attack cash machines themselves, before making off with the loot.
The extraordinary attack was revealed by researchers at security firm Kaspersky Lab.
At the company's Security Analyst Summit in St Maarten this week, researchers Sergey Golovanov and Igor Soumenkov revealed how malware called ATMitch was used to attack cash machines across the world.
The biggest cyber-attacks, hacks and data breaches Wed, March 15, 2017
From viruses to data breaches, cyber-crime is far from a modern invention – here is Express.co.uk's list of some of the biggest attacks in history.
Play slideshow GETTY 1 of 13
Google's Chinese operations were targeted in 2009
Banks in 40 countries were hit in the attacks, including UK businesses, with hackers simply able to take money from infected machines whenever they liked.
Unlike traditional malware, this attack left little evidence, with criminals able to get away with huge rewards – until they made one mistake.
Kaspersky Lab was called in to assist one bank hit by the attack after the institution's own specialists found two files showing evidence of malware.
They found evidence of the ATMitch software, which had been installed and used to dispense free cash on demand by hackers.
ATMitch was installed remotely by the hackers, allowing them complete control of the machine.
Get Quotes on Home Insurance
They are able to see how much money is inside, and then request a withdrawal of whatever amount they like.
The hackers are even able to specify which exact notes they would like in their withdrawal, such is the control offered by ATMitch.
However the criminals' exploits came to a swift stop after one dozy criminal was spotted tampering with an ATM in Russia.
Disguised as a construction worker, the thief was filmed drilling a hole into the cash machine itself in order to access the technical brain inside.
He then installed a USB device into the main control switch of the ATM – a receiver for a Bluetooth keyboard.
Cyber-criminals are turning to more devious ways to get rich rewards
Once turned on, this allowed anyone using the paired keyboard to approach the ATM, and gain access to its central software and authorise the withdrawal.
When complete, the attacker simply signs off, with the ATM recognising the transaction as a legitimate test process.
Fortunately for the bank in question, the culprit was rumbled by a passing police car.
The researchers say that although the attackers is still at large, there is no need to worry about the security of your money, with banks instead pressed to update their security protection.