The Federal Bureau of Investigation (FBI) has issued a warning to banks that cybercriminals are gearing up to launch a choreographed global scam, known as the “ATM cashout,” in which the bad guys hack a bank or payment card processor to make cloned cards that they can use to withdraw money from ATMs around the globe. According to a Krebs on Security report, citing a confidential alert the FBI sent to banks late last week, millions of dollars can be stolen in only a few hours.
“The FBI has obtained unspecified reporting, indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation,’” the letter read, according to the report.
According to the FBI, the attackers compromise the bank or payment processor with malware to access customer card data and then abuse that network access, enabling cash to be withdrawn from ATMs.
“Historic compromises have included small to medium-[sized] financial institutions [FIs], likely due to less robust implementation of cybersecurity controls, budgets or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase in the near future,” the FBI said in the alert, according to Krebs.
What’s more, the FBI said the hackers can alter account balances and security controls such as withdrawal limits, so that an effectively unlimited amount of cash becomes available during the operation and large sums can be withdrawn in a short time.
In the alert, the FBI also offered banks advice, including: implementing “separation of duties or dual authentication procedures for account balance, or withdrawal increases above” a set threshold; deploying application whitelisting to block malware from executing; monitoring, auditing and limiting “administrator and business critical accounts, with the authority to modify the account attributes;” monitoring “for the presence of remote network protocols and administrative tools used to pivot back into the network;” monitoring “for encrypted traffic traveling over non-standard ports;” and monitoring for network traffic to regions from which FIs would not expect to see outbound connections.
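The following is an added example, not code from the FBI alert or the Krebs report, showing how two of those recommendations could be implemented: a dual-authorization gate on withdrawal-limit increases above a threshold, and a simple monitor over flow records that flags encrypted traffic on non-standard ports, remote administration protocols, and outbound connections to unexpected regions. The threshold, the flow-log format, the port and protocol lists, the expected-country set and the sample records are all assumptions constructed for the example.

```python
"""Added example: dual control over limit increases, plus flow-log monitoring.

Everything here is constructed for illustration; the threshold, log format,
port/protocol lists and sample records are assumptions, not the FBI's values.
"""
from dataclasses import dataclass, field

# --- Control 1: dual authorization for account-attribute changes -------------

DUAL_CONTROL_THRESHOLD = 5_000  # assumed: increases above this need two approvers


@dataclass
class LimitChange:
    account: str
    old_limit: int
    new_limit: int
    requester: str
    approvers: list = field(default_factory=list)


def authorize_limit_change(change: LimitChange) -> tuple:
    """Return (approved, reason).

    Increases above the threshold need a second, distinct approver; the
    requester can never count as their own approver, so a single compromised
    administrator account cannot lift a withdrawal cap on its own.
    """
    delta = change.new_limit - change.old_limit
    if delta <= 0:
        return True, "decrease or no change"
    second_approvers = {a for a in change.approvers if a != change.requester}
    if delta > DUAL_CONTROL_THRESHOLD and not second_approvers:
        return False, "increase above threshold requires a second approver"
    return True, "approved"


# --- Control 2: monitoring over (constructed) flow records --------------------

# Assumed flow-log format, one record per line:
#   src_ip dst_ip dst_port protocol bytes dst_country
# Addresses are from documentation ranges; countries are made up for the example.
SAMPLE_FLOWS = """\
10.1.2.3 203.0.113.10 443 tls 12000 US
10.1.2.3 198.51.100.7 8443 tls 90000 RU
10.1.2.9 192.0.2.44 3389 rdp 4000 NL
10.1.2.9 203.0.113.55 22 ssh 300 US
10.1.2.3 203.0.113.10 80 http 500 US
"""

STANDARD_ENCRYPTED_PORTS = {443, 465, 993, 995}      # assumed baseline
REMOTE_ADMIN_PROTOCOLS = {"rdp", "ssh", "vnc", "winrm"}  # assumed list
EXPECTED_COUNTRIES = {"US"}                          # assumed for this FI


def analyze_flows(text: str) -> list:
    """Return a list of (alert_type, src, dst, detail) tuples for each record
    that matches one of the three monitoring recommendations."""
    alerts = []
    for line in text.splitlines():
        src, dst, dport, proto, _nbytes, country = line.split()
        dport = int(dport)
        if proto == "tls" and dport not in STANDARD_ENCRYPTED_PORTS:
            alerts.append(("encrypted_nonstandard_port", src, dst, dport))
        if proto in REMOTE_ADMIN_PROTOCOLS:
            alerts.append(("remote_admin_protocol", src, dst, proto))
        if country not in EXPECTED_COUNTRIES:
            alerts.append(("unexpected_region", src, dst, country))
    return alerts


if __name__ == "__main__":
    print(authorize_limit_change(LimitChange("acct-1", 1_000, 50_000, "alice")))
    print(authorize_limit_change(LimitChange("acct-1", 1_000, 50_000, "alice", ["bob"])))
    for alert in analyze_flows(SAMPLE_FLOWS):
        print(alert)
```

In practice the flow records would come from a NetFlow/IPFIX collector or firewall logs and the country lookup from a GeoIP database, but the three checks are the same: a protocol-aware baseline for encrypted ports, a list of administrative protocols that should never appear from the card-processing segment, and a per-institution set of regions that legitimately receive outbound connections.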