It hasn't been revealed how the malware was installed on the ATMs in Eastern Europe. But ENISA warned that ATMs positioned in unprotected areas with accessible power connections and network links makes it easier for an attacker.

"Security issues related to the ATMs are too often not recognized," the report said. Very few banks, if any, have conducted a formal and complete security risk assessment of their ATM infrastructures, according to the report. "The use of the concept of 'security through obscurity' that has long gone along with dedicated devices is conceptually wrong, and is proving to be so as the global trend of bank fraud rises."