According to a confidential alert obtained by security researcher Brian Krebs, “The Federal Bureau of Investigation is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.”
As reported in his August 18 blog the alert states “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” The FBI stated that unlimited operations compromise a financial institution or payment card processor with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs.
According to a Finextra announcement of August 19th the alert also warns that “Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities” stating that it “expects the ubiquity of this activity to continue or possibly increase in the near future” and offers a host of tips to combat the crooks.
Last month, KrebsOnSecurity broke a story about an apparent unlimited operation used to extract a total of $2.4 million from accounts at the National Bank of Blacksburg in two separate ATM cash-outs between May 2016 and January 2017. Hackers used phishing emails to break into the Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses.
Learn more about protecting your institution from “Cash-out” catastrophe.
Click “Breaking the Bank” and Contact CSFi to learn more about, FraudBlock™, FraudBlock™ Standalone (SA), Foreign Card Limits, and other solutions limiting or restricting cardholder cash withdrawal transactions at your bank’s ATMs.