With a drill and a homemade hacking rig that can be assembled for about £12, hackers can access a cash machine and empty it in minutes, according to a demonstration at the Kaspersky Security Analyst Summit this week.
Kaspersky security researchers say that the simple attack method has already been honed 'in the wild' in Europe and Russia, although the company hasn't revealed the type of cash machines at risk or the banks that have been attacked.
While you might see stories of people ripping cash machines out of the wall using JCBs, the result is messy and noisy, and the attackers are relatively easily identified and apprehended.
In contrast, Kaspersky's attack requires drilling one hole next to the number pad, routing a cable to connect to an exposed serial port and issuing commands to dispense money.
Although the attack itself is ultimately simple, requiring just a breadboard, an Arduino-like microcontroller, capacitors, an adaptor and a battery, developing it took Kaspersky five weeks of painstaking trial and error with an oscilloscope and logic analyzer to work out the machine's internal security protocols, which were surprisingly limited.
Once that was done, it was possible to send fake commands that look like they are being issued by other genuine modules in the machine, causing it to dispense money freely.
Perhaps the most concerning part for the affected bank in this case is that there's no over-the-air update that can fix the vulnerability; it will require a hardware upgrade inside the machines to improve security, according to Wired.
Physical attacks and malware are far more common techniques used by thieves to try and score a big payday.
Kaspersky's revelation this week follows claims that as many as 140 banks, telcos and government organisations in over 40 countries (including the UK) may have been compromised with a new form of 'fileless malware'.