FBI Issues Private Warning to Banks about Unlimited ATM Cashouts

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

On August 10, 2018, the Federal Bureau of Investigation (FBI) issued a private warning to banks warning them that cybercriminals are planning to “conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation.’”

Recently, a typical unlimited operation uses a phishing campaign to  insert malware into the financial institution or payment card processor’s system so the cybercriminals have access to customers’ accounts, which allows the criminals to then steal large amounts of money through ATMs.

After the cybercriminals get into the financial institution or payment card processor’s system, they alter customer accounts so there are no limits on the account for ATM withdrawal, sometimes altering the balance, and then removing any fraud detection systems the financial institution or card processor put in place so large amounts of cash can’t be withdrawn through the ATM or that a customer can only withdraw money from their account through an ATM on so many occasions in one day. This allows the criminals to withdraw large amounts from accounts that they have altered to look like there is more money in them than is actually in the balance, and so the accounts can be wiped out in one ATM transaction.

Then the criminals create fraudulent cards based on the legitimate ATM cards and simultaneously withdraw large amounts from ATMs all over the country, usually on a holiday weekend.

The FBI provides these considerations for banks and card processors:

  • review present security measures, including implementing strong password requirements and two-factor authentication using a physical or digital token when possible for local administrators and business critical roles
  • implement separation of duties or dual authentication procedures for account balance or withdrawal increases above a specified threshold
  • Implement application whitelisting to block the execution of malware
  • Monitor, audit and limit administrator and business critical accounts with the authority to modify the account attributes
  • Monitor for the presence of remote network protocols and administrative tools used to pivot back into the network and conduct post-exploitation of a network, such as Powershell, cobalt strike and TeamViewer
  • Monitor for encrypted traffic (SSL or TLS) traveling over non-standard ports
  • Monitor for network traffic to regions wherein you would not expect to see outbound connections from the financial institution or card processor

With the Labor Day three day weekend right in front of us, banks would do well to pay attention to the FBI warning.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide