By Mac Slavo
The FBI is warning of a worldwide mass hacking plot that could see millions withdrawn from bank accounts. The major operation has forced the FBI to warn banks of an imminent “cashout” attack on cashpoints around the globe.
Banks have now been warned that they could fall victim to an “unlimited operation” in which millions of dollars could be withdrawn from cash machines. According to The Independent, the “jackpotting” scheme would see hackers use malware to take control of ATMs. Smaller banks with less sophisticated security are said to be most vulnerable to this attack. The “cashout” will most likely take place over the course of a few hours on a weekend after most banks have closed.
“The FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” states an FBI alert to banks that was obtained by cybersecurity expert Brian Krebs. “Virtually all ATM cashout operations are launched on weekends, often just after financial institutions begin closing for business on Saturday,” Krebs explained in a blog post.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cybersecurity controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase in the near future,” the alert also stated.
The website Krebs On Security reported that criminals could create “fraudulent copies” of bank cards by installing their data on reusable magnetic strip cards. The FBI warned that “at a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.” In order to maximize the payouts during such cyber attacks, hackers will often remove the fraud controls such as withdrawal limits. This allows perpetrators to empty cash machines of all the money stored in them.
The FBI advised banks to review their security measures, keep their software up to date, and implement stronger protections when possible.
As of now, there is no clear way that one can protect themselves from this hack. Obviously, if you don’t have a bank account you won’t have to be concerned about this particular attack.