FBI (Federal Bureau of Investigation) has issued a warning to the leading banks and financial institutions of the world that cybercriminals across the globe are preparing themselves to execute the highly choreographed and well-organized global fraud scheme which will be referred to as the “ATM Cash-out.” In this fraud, the cybercriminals will hack some bank or financial institutions by making use of the payment card processor. They will then make use of cloned ATM cards at the respective ATM machines of the banks across the world to fraudulently withdraw unlimited amounts of money in a matter of few hours.
A highly confidential alert shared with FBI recently indicated cybercriminals around the world are making plans to carry out the global ATM (Automated Teller Machine) cash-out scheme in the upcoming days. The fraud will be most likely be associated with some unknown card issuer breach and will be referred to as the “unlimited operation.”
The FBI, in a statement, said that the act of unlimited cash-out operations would be aimed at compromising some payment card processors or financial institutions with a malware program that accesses customer’s ATM bank card information. The malware will also aim at exploiting the existing network access which would enable large-scale theft of money or funds from the respective ATMs.
The alert continues that past compromises included only small to medium-sized banks or financial institutions in this type of attack. This was due to the lack of a robust security measures, limited budgets, and third-party technical vulnerabilities. However; this time, the FBI suspects attacks on all sizes of institutions.
Well-planned and organized cybercriminals that attempt these attacks achieve so by phishing or hacking their way into the payment card processors of the banks. Just before the execution of the ATM cash-outs, the hackers will remove all sorts of fraud controls at the given financial institution including maximum ATM withdrawals amounts or any such limit on the daily number of transactions allowed at ATM machines.
The attackers can also alter the security measures and account balances for executing the unlimited cash-out fraud. This allows them to take out the maximum amount of money available in the bank account at any time.
The FBI is asking banks and financial institutions around the globe to scrutinize security measures and processes. This would involve reviewing factors such as implementing strong passwords and implementing two-way authentication security mechanisms. The FBI also suggests that banks monitor encrypted traffic including TLS or SSL over non-standard ports for ensuring maximum security.