The FBI has started warning banks and financial institutions that hackers could be looking to compromise their ATM systems.
Krebs on Security -- a blog run by cybersecurity expert Brian Krebs -- first broke the story on Sunday. Krebs reported that “cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an ‘ATM cash-out.’” The scheme involves a hacker breaking into a bank or payment card processor and using stolen information to withdraw large sums of money.
The FBI sent an alert to banks on Friday warning of this potential threat.
“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited’ operation,” said the FBI’s notice to banks.
What the hack looks like
Hackers typically gain access to a bank’s system by phishing. From there, they’ll not only alter account balances, but they’ll also change settings to disable transaction limits and maximum ATM withdrawal amounts. This allows them to use fake bank cards -- made from stolen information -- and take out large sums of money in one foul swoop.
The FBI has yet to comment specifically on this specific potential attack, though a spokesperson did speak to CNN.
“In furtherance of public-private partnerships, the FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations,” the spokesperson said. “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”
Last month, Krebs on Security reported two successful cash-out schemes, in which the hackers stole close to $2.4 million from The National Bank of Blacksburg in 2016 and 2017.
The FBI is encouraging banks to implement tighter security measures -- such as two-step authentication, tighter network monitoring, and stronger password requirements.