Twenty-seven people have been arrested across Europe as part of an international investigation into so-called ATM black box attacks.
EU member states and Norway contributed to the investigation, which was supported by Europol’s European Cybercrime Centre.
Black box attacks are when criminals connect an unauthorised device to an ATM’s controller, which sends commands to the cash dispenser telling it to dispense all of the money inside.
The attack requires the criminals to have physical access to the controller, often achieved by drilling holes or melting through the cover of the terminal.
Perpetrators responsible for this new and sophisticated method of ATM fraud were identified in a number of countries in 2016 and 2017, with the most recent arrest in Spain this month.
The black box phenomenon first appeared in Western Europe in 2015.
Losses from successful attacks can be significant, according to Europol, stretching into the hundreds of thousands of euros.
A recently published report from the European ATM Security Team (EAST) reveals that criminals carried out ATM black box attacks in 10 reporting countries during 2016.
According to EAST, there were 58 such attacks in 2016 – almost quadruple the amount in 2015, when there were 15.
Losses linked with overall ATM-related fraud rose 2% over the same period, up from £280m to £284m.
Europol has been cooperating with the ATM industry in order to detect black box incidents properly.
The agency says most attacks are now unsuccessful as public and private cooperation in the security domain is improving.
There were four operational meetings in 2016 and 2017 at The Hague, in which 20 countries including the UK and the US discussed how to share intelligence to tackle the rising threat.
According to Europol, perpetrators involved in ATM black box attacks come mainly from countries such as Romania, Moldova, Russia and Ukraine.
The agency states investigations are still ongoing and further arrests are expected in the near future.