FBI Warns Of ATM Hacking Campaign

The FBI has warned banks that cybercriminals are preparing to carry out a “highly choreographed, global fraud scheme known as an ‘ATM cash-out’.”

The threat, reported by Krebs On Security cybersecurity blog, will apparently see criminals hacking a bank or payment card processor, and using cloned cards at ATMs around the world to fraudulently withdraw “millions of dollars in just a few hours.”

And this type of risk is very real indeed. Last month for example hackers compromised the National Bank of Blacksburg in Virginia twice and made off with millions of dollars.

ATM attack

“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” reads a confidential alert the FBI shared with banks privately last Friday, the Krebs On Security blog stated.

“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert apparently continues. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”

With the National Bank of Blacksburg in Virginia compromise, the hackers reportedly used phishing emails to break into the Virginia bank in two separate cyber intrusions over an eight-month period, which allowed them to steal more than $2.4m (£1.8bn) in total.

And it may be that the cybercriminals have already struck, after the Independent newspaper reported that hackers with suspected ties to North Korea had syphoned more than £10.5 million from ATMs around the world in a highly-coordinated attack.

The heist on Cosmos Bank in India took place across several days, beginning on 11 August, just a day after the FBI issued its warning.

Cosmos reportedly said that the hackers utilised ATMs in 28 countries, including Canada, Hong Kong and a few ATMs in India.

Expert reaction

At least one security expert has warned banks that the hackers utilise existing tools to carry out their fraudulent activities.

“There is great insight provided by the FBI to the financial sector on ways to mitigate against these types of attacks,” said Andrew Ellis, senior researcher, Cyxtera Threat Analytics.

“The list provided includes many common defence-in-depth or general security hygiene practices, such as two-factor authentication, role-based access controls, network and system monitoring,” said Ellis. “By ensuring robust security controls are in place, financial institutions can protect themselves against cash out attacks, as well as many other common attacks.”

“When looking at cash out attacks in general, it’s important to remember that they are not typically comprised of unique or advanced techniques,” Ellis added. “Instead, attackers are able to leverage tools and tactics common to many other forms of cyberattacks. For organisations looking to protect themselves against cash out attacks, it may be more useful to focus on the ‘how’ rather than the ‘why’ or ‘what.’”

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

18 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

19 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

20 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

22 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

1 day ago