The attack will compromise banks or payment card processors with malware which would give the hackers access to the banks’ network and customer card details which will enable funds to be withdrawn from ATMs.
The blog posted that the FBI had sent an alert to banks saying, “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.”
The blog by veteran cybersecurity journalist Brian Krebs explains that in an “unlimited operation” attack, the hackers typically remove limits such as withdrawal amount and number of transactions.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cybersecurity controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase in the near future,” adds the alert.
It also warns that the info will be sent out to other cybercriminals who will then be able to create clone cards to continue withdrawing money at different ATMs.
“The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards,” says the FBI alert.
Krebs says almost all ATM cashout operations are done over the weekend, just after financial institutions begin closing for business on Saturday.
He gave the example of how hackers cashed out US$2.4mil (RM9.84mil) over two weekends in May 2016 and January 2017 from the National Bank of Blacksburg, a Virginia-based small bank.
The FBI is urging banks to review how they handle security by implementing strong password requirements and two-factor authentication using a physical or digital token when possible for local administrators and business critical roles.
Some other suggestions for banks include implementing application whitelisting to block the execution of malware; auditing and limiting administrator and business critical accounts with the authority to modify other account; and monitoring for encrypted traffic (SSL or TLS) travelling over non-standard ports.