The Strategist

FBI warns of a possible attack on ATMs

08/14/2018 - 05:36

Specialized research agency KrebsOnSecurity reports that the FBI sent a warning to the largest US banks. The agency warns that cybercriminals are preparing a massive international attack on ATMs. The goal is to hack accounts and systems of payment operators to produce clones of compromised cards. Funds will be transferred from the hacked accounts on the clone cards, which will then be cashed at ATMs around the world. Banks are recommended to pay special attention to implementation of verification procedures for transfers and to possible activation of cash withdrawal operations in uncharacteristic regions.

The FBI has already informed the largest US banks about the impending fraudulent scheme of cybercriminals, notes KrebsOnSecurity with reference to the report’s copy. "The FBI received information that hackers in the coming days are planning to make a global attack on ATMs for the purpose of mass cash withdrawals. The attack may be related to hacking of an unknown card issuer," the report reads.

According to the FBI, having access to the issuer's data, the attackers are going to make clone cards and carry out an "unlimited" number of cash withdrawal operations at ATMs around the world. Data leakage could occur through a phishing attack or introduction of malware into the informational system of one of the smaller financial institutions. "According to previous experience, it can be said that burglary is often committed in small and medium-sized companies in the financial sector that do not have serious cyber protection, do not have the budget to purchase reliable control systems, or use vulnerable contractors for such work," the warning says. The agency expects that that the data leak will repeat in the near future. "

KrebsOnSecurity notes that criminals can make clone cards by putting data on reusable magnetic tapes, for example, contained on gift cards that can be bought in a supermarket. "In a pre-agreed time, criminals will start withdrawing money from ATMs using such card clones," the FBI said.

In connection with possible hacking, banks are urged to thoroughly check their systems for malware or unauthorized access, pay special attention to mass cash withdrawal operations in excess of the established limit, enter a two-step authorization for such transactions, check movement of encrypted data (SSL or TLS) through atypical nodes, pay attention to a possible surge in operations for the mass withdrawal of large cash in atypical areas for this.