The FBI has warned banks that a cybercrime group is planning a major, global cyber attack on ATMs, using malware and cloned cards to carry out ATM cash-out fraud
The FBI has warned banks that a cybercrime group is planning a major, global cyber attack on ATMs, USA Today reported, citing Krebs on Security. Starting last Friday, US authorities began notifying banks of the possible attack, in which the criminals would use malware to break into the ATM systems and clone the cards used at them. To carry out the theft, the criminals would get into the system and suppress the notifications that are sent when fraud is suspected, then raise the cash withdrawal limits, and finally start withdrawing cash with the cloned cards. US authorities call this type of theft an ATM cash-out.
Krebs on Security published the confidential memo the FBI sent to banks: We have obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days
Regarding the imminent operation, Krebs on Security published the confidential alert the FBI shared privately with banks on Friday. “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” the alert reads. In an official statement, the FBI said that it “routinely advises private industry of various cyber threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”
What cyber security measures should banks implement to counter the massive cyber attack?
The FBI is urging banks to review their cyber security: implement strong password requirements and two-factor authentication, using a physical or digital token where possible for local administrator and business-critical roles. Other tips in the advisory: implement separation of duties or dual-authentication procedures for account balance or withdrawal-limit increases above a specified threshold; implement application whitelisting to block the execution of malware; monitor, audit and limit the administrator and business-critical accounts that have the authority to modify account attributes; monitor for the presence of remote network protocols and administrative tools used to pivot back into the network and conduct post-exploitation, such as PowerShell, Cobalt Strike and TeamViewer; monitor for encrypted traffic (SSL or TLS) travelling over non-standard ports; and monitor for network traffic to regions to which you would not expect outbound connections from the financial institution.
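To make three of the advisory's recommendations concrete, here is an added example (not code from the FBI, Krebs on Security or the original article) that runs detection logic over a handful of constructed connection-log lines: it flags TLS on ports other than the bank's sanctioned egress ports and outbound connections to regions the bank does not normally talk to, and it enforces a dual-approval rule for withdrawal-limit increases above a threshold. The log format, the field names, the sanctioned ports, the allowed regions and the threshold are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (not real bank telemetry). Hypothetical format:
# <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> proto=<tcp|udp> app=<tls|http|dns|...> dst_country=<ISO2>
SAMPLE_LOG = """\
2018-08-13T02:14:07Z 10.20.1.15:51422 -> 203.0.113.9:443 proto=tcp app=tls dst_country=US
2018-08-13T02:14:09Z 10.20.1.15:51430 -> 198.51.100.77:8443 proto=tcp app=tls dst_country=US
2018-08-13T02:15:01Z 10.20.4.8:49152 -> 203.0.113.44:53 proto=udp app=dns dst_country=US
2018-08-13T02:16:22Z 10.20.7.3:50001 -> 192.0.2.200:4444 proto=tcp app=tls dst_country=RO
2018-08-13T02:17:05Z 10.20.7.3:50002 -> 192.0.2.201:80 proto=tcp app=http dst_country=CN
2018-08-13T02:18:40Z 10.20.2.9:50003 -> 198.51.100.12:22 proto=tcp app=ssh dst_country=US
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src_ip>[\d.]+):(?P<src_port>\d+) -> "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) proto=(?P<proto>\w+) "
    r"app=(?P<app>\w+) dst_country=(?P<country>[A-Z]{2})$"
)

EXPECTED_TLS_PORTS = {443, 8443}  # assumption: the bank's sanctioned TLS egress ports
EXPECTED_REGIONS = {"US", "CA"}   # assumption: countries this bank normally connects to


@dataclass
class Conn:
    ts: str
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    app: str
    country: str


def parse_line(line):
    """Parse one log line into a Conn; return None for malformed lines so a
    bad record skips the detector instead of crashing it."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Conn(g["ts"], g["src_ip"], g["dst_ip"], int(g["dst_port"]),
                g["proto"], g["app"], g["country"])


def find_anomalies(log_text, tls_ports=EXPECTED_TLS_PORTS, regions=EXPECTED_REGIONS):
    """Return one finding per connection that is TLS on a non-standard port
    and/or outbound to an unexpected region; a single connection can trip both."""
    findings = []
    for line in log_text.splitlines():
        c = parse_line(line)
        if c is None:
            continue
        reasons = []
        if c.app == "tls" and c.dst_port not in tls_ports:
            reasons.append(f"tls on non-standard port {c.dst_port}")
        if c.country not in regions:
            reasons.append(f"outbound to unexpected region {c.country}")
        if reasons:
            findings.append({"src": c.src_ip, "dst": f"{c.dst_ip}:{c.dst_port}",
                             "reasons": reasons})
    return findings


def authorize_limit_increase(current_limit, new_limit, requester, approvers, threshold):
    """Separation-of-duties check for a withdrawal-limit change. Increases at or
    below `threshold` need one approver; larger increases need two distinct
    approvers, and the requester can never approve their own change."""
    increase = new_limit - current_limit
    if increase <= 0:
        return True  # not an increase, so outside the scope of this control
    distinct = set(approvers)
    if requester in distinct:
        return False
    needed = 2 if increase > threshold else 1
    return len(distinct) >= needed


if __name__ == "__main__":
    for f in find_anomalies(SAMPLE_LOG):
        print(f["src"], "->", f["dst"], "|", "; ".join(f["reasons"]))
    print(authorize_limit_increase(500, 5000, "alice", ["bob"], threshold=1000))
```

Run against the sample, the detector reports the host talking TLS to port 4444 in Romania (two reasons on one connection) and the plain-HTTP connection to China, while the sanctioned 443/8443 TLS sessions and the SSH session stay silent; the limit check refuses a 4,500 increase with a single approver or with the requester among the approvers.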