FBI Warns Of ATM Hacking Campaign

Banks on fraud alert after the FBI warns that thieves could steal cash using cloned ATM cards

The FBI has warned banks that cybercriminals are preparing to carry out a “highly choreographed, global fraud scheme known as an ‘ATM cash-out’.”

The threat, reported by the Krebs On Security cybersecurity blog, will apparently see criminals hacking a bank or payment card processor, and using cloned cards at ATMs around the world to fraudulently withdraw “millions of dollars in just a few hours.”

And this type of risk is very real indeed. Last month, for example, hackers compromised the National Bank of Blacksburg in Virginia twice and made off with millions of dollars.

ATM attack

“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” reads a confidential alert the FBI shared with banks privately last Friday, the Krebs On Security blog stated.

“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert apparently continues. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”

In the compromise of the National Bank of Blacksburg in Virginia, the hackers reportedly used phishing emails to break into the bank in two separate cyber intrusions over an eight-month period, which allowed them to steal more than $2.4m (£1.8m) in total.

And it may be that the cybercriminals have already struck, after the Independent newspaper reported that hackers with suspected ties to North Korea had syphoned more than £10.5 million from ATMs around the world in a highly coordinated attack.

The heist on Cosmos Bank in India took place across several days, beginning on 11 August, just a day after the FBI issued its warning.

Cosmos reportedly said that the hackers utilised ATMs in 28 countries, including Canada, Hong Kong and a few ATMs in India.

Expert reaction

At least one security expert has warned banks that the hackers utilise existing tools to carry out their fraudulent activities.

“There is great insight provided by the FBI to the financial sector on ways to mitigate against these types of attacks,” said Andrew Ellis, senior researcher, Cyxtera Threat Analytics.

“The list provided includes many common defence-in-depth or general security hygiene practices, such as two-factor authentication, role-based access controls, network and system monitoring,” said Ellis. “By ensuring robust security controls are in place, financial institutions can protect themselves against cash out attacks, as well as many other common attacks.”

“When looking at cash out attacks in general, it’s important to remember that they are not typically comprised of unique or advanced techniques,” Ellis added. “Instead, attackers are able to leverage tools and tactics common to many other forms of cyberattacks. For organisations looking to protect themselves against cash out attacks, it may be more useful to focus on the ‘how’ rather than the ‘why’ or ‘what.’”
