The US’s Federal Bureau of Investigation (FBI) has warned that banks could lose millions of dollars to cybercriminals through cash machines in a highly coordinated global fraud scheme (an ATM scam) that could happen this weekend.
The scheme, which the criminals have staged globally, will involve the use of dummy cards, also known as “blanks,” to cash out millions of dollars within a few hours, and will also involve the hacking of a bank or payment card processor somewhere in the world, reports Krebs On Security.
“The FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” said a confidential FBI alert to banks on Friday.
The global ATM scam: what makes it an ‘unlimited operation’
The hackers plan to deploy malware that could compromise a financial institution’s operations or automation processes, such as a payment card processor. This control would give the crooks access to the bank’s network and to the card information of bank customers, and would also allow them to disable fraud controls.
With full control of all automation protocols, they would be able to coordinate the proposed large-scale theft of funds from ATMs in just a few hours.
“The cybercriminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores,” said the FBI. “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”
Between May 2016 and January 2017, an ‘unlimited operation’ was used by cybercriminals to cash out a total of $2.4 million in two separate ATM cash outs from accounts at the National Bank of Blacksburg, according to Krebs’ report last month.
In both attacks, the crooks succeeded in gaining access to the bank’s network and compromised its credit and debit system after phishing someone working at the bank.
Any ATM attack would likely be on a weekend
The first attack (an unlimited operation) against the National Bank of Blacksburg, in which the attackers made off with almost $570,000, lasted for about three days. It began on Saturday (May 28, 2016) and ended on Monday, which was a federal holiday (Memorial Day) in the United States. That suggests the attackers are particularly interested in weekends, when the banks are closed. The second attack against the bank also began on a Saturday (January 2017) and ended on Monday. In it, the attackers succeeded in withdrawing about $2 million in another unlimited operation involving an ATM cash-out.
Tips from FBI on how to prevent the ATM scam
The FBI has advised financial institutions to review how they handle their security messages. Banks were advised to:
- Implement two-factor authentication that involves a physical token and strong password requirements for business-critical roles, such as withdrawals above the specified threshold.
- Monitor for encrypted traffic traveling over non-standard ports.
- Deploy application whitelisting to block malware execution.
- Audit, limit and monitor business-critical accounts that can modify critical features of an account.
- Monitor for the presence of administrative tools and remote access networks such as TeamViewer, PowerShell, and Cobalt Strike.
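The cash-out pattern described above (fraud controls disabled, cloned cards used at many ATMs within a few hours, typically over a weekend) leaves a recognizable trace in withdrawal logs. The following Python detector is an added example, not part of the FBI alert or the original article; the log layout, the function names and every threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed CSV layout): timestamp, card token, ATM id, country, amount in USD
SAMPLE_LOG = """\
2016-05-27T09:15:00,card_A,atm_001,US,200
2016-05-28T02:00:00,card_B,atm_101,US,800
2016-05-28T02:20:00,card_B,atm_207,US,800
2016-05-28T02:45:00,card_B,atm_315,CA,800
2016-05-28T03:10:00,card_B,atm_422,CA,800
2016-05-28T08:00:00,card_C,atm_050,US,600
2016-05-28T16:00:00,card_C,atm_051,US,600
2016-05-28T18:40:00,card_A,atm_001,US,100
"""

WINDOW = timedelta(hours=3)  # assumed sliding window
MAX_AMOUNT = 1000            # assumed per-card limit that should never be exceeded
MAX_ATMS = 3                 # assumed ceiling on distinct ATMs per window

def parse(log):
    """Yield (timestamp, card, atm, country, amount) tuples from the CSV text."""
    for line in log.strip().splitlines():
        ts, card, atm, country, amount = line.split(",")
        yield datetime.fromisoformat(ts), card, atm, country, float(amount)

def detect_cashout(log, window=WINDOW, max_amount=MAX_AMOUNT, max_atms=MAX_ATMS):
    """Return {card: alert} for cards whose recent withdrawals look like a cash-out."""
    recent = defaultdict(deque)  # card -> withdrawals still inside the window
    alerts = {}
    for ts, card, atm, country, amount in sorted(parse(log)):
        q = recent[card]
        q.append((ts, atm, country, amount))
        while ts - q[0][0] > window:  # evict withdrawals older than the window
            q.popleft()
        reasons = set()
        if sum(e[3] for e in q) > max_amount:
            reasons.add("limit_exceeded")  # withdrawal limit is not being enforced
        if len({e[1] for e in q}) > max_atms:
            reasons.add("many_atms")       # same card at many machines
        if len({e[2] for e in q}) > 1:
            reasons.add("multi_country")   # same card in several countries
        if reasons:
            alert = alerts.setdefault(
                card, {"since": ts, "reasons": set(), "weekend": ts.weekday() >= 5})
            alert["reasons"] |= reasons
    return alerts

if __name__ == "__main__":
    print(detect_cashout(SAMPLE_LOG))
```

Because the check runs on the withdrawal stream rather than on the card system's own limits, it can still fire when those limits have been switched off.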