FBI warns of potential attacks on ATMs around the world: security blog

  • TECH
  • Wednesday, 15 Aug 2018

A hooded man holds laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration

Krebs on Security blog claims that the Federal Bureau of Investigation (FBI) has received an “unspecified report” that cybercriminals are preparing to carry out a large-scale global attack on ATMs in the coming days.

The attack will compromise banks or payment card processors with malware which would give the hackers access to the banks’ network and customer card details which will enable funds to be withdrawn from ATMs.

The blog posted that the FBI had sent an alert to banks saying, “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.”
The blog by veteran cybersecurity journalist Brian Krebs explains that in an “unlimited operation” attack, the hackers typically remove limits such as withdrawal amount and number of transactions.

“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cybersecurity controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase in the near future,” adds the alert.

It also warns that the info will be sent out to other cybercriminals who will then be able to create clone cards to continue withdrawing money at different ATMs.

“The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards,” says the FBI alert.

Krebs says almost all ATM cashout operations are done over the weekend, just after financial institutions begin closing for business on Saturday.

He gave the example of how hackers cashed out US$2.4mil (RM9.84mil) over two weekends in May 2016 and January 2017 from the National Bank of Blacksburg, a Virginia-based small bank.

The FBI is urging banks to review how they handle security by implementing strong password requirements and two-factor authentication using a physical or digital token when possible for local administrators and business critical roles.

Some other suggestions for banks include implementing application whitelisting to block the execution of malware; auditing and limiting administrator and business critical accounts with the authority to modify other account; and monitoring for encrypted traffic (SSL or TLS) travelling over non-standard ports.
Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Next In Tech News

Czech car sector to make 250,000 fewer vehicles this year due to chip shortage
5G technology begins to expand beyond smartphones
Opinion: The fragile Internet is a threat to the economy
US entrepreneur has food allergies. So he made a life-saving phone case
What if coughing into your smartphone could save your life?
Teletherapy often leaves out older people. Here's how a US researcher is trying to help them connect
This augmented reality app can help you conquer your fear of spiders
Tips for speeding up your slowing PC
'Humankind' - A game where you can win or lose against climate change
Greener streaming: Ways to use less energy while watching shows

Others Also Read