Cyber criminals are planning a highly-coordinated attack on cash machines around the world that could see millions of dollars withdrawn from customer bank accounts, the FBI has warned.
A confidential alert sent to banks stated that the scheme, known as an “ATM cashout”, could take place in the space of just a few hours, most likely on a weekend after banks have closed. The scheme involves cloned cards, together with a hack on a bank or payment processor in order to facilitate the fraudulent withdrawal of funds by gangs of cyber criminals.
“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” states an FBI alert to banks that was obtained by cyber security expert Brian Krebs
A similar attack reported last month resulted in losses of $2.4 million for the National Bank of Blacksburg, Mr Krebs noted, which involved hundreds of ATMs across the United States over the course of several months.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
Another incident in Thailand in 2016 saw the state-owned Government Savings Bank lose $360,000 from cash machines in the country.
“Virtually all ATM cashout operations are launched on weekends, often just after financial institutions begin closing for business on Saturday,” Mr Krebs explained in a blog post.
“The 2016 unlimited operation against National Bank began Saturday, May 28, 2016 and continued through the following Monday. That particular Monday was Memorial Day, a federal holiday in the United States, meaning bank branches were closed for more than two days after the heist began.”
In order to maximise the payout in such attacks, hackers often remove fraud controls like withdrawal limits. This allows perpetrators to empty cash machines of all the money stored in them.
The FBI advised banks to review their security measures, keep their software up to date, and implement stronger protections when possible.