Posted on 08/13/2018 12:53:50 PM PDT by MarchonDC09122009
Cash machines could be mass-hacked in global cyber attack, FBI warns
https://www.telegraph.co.uk/technology/2018/08/13/uk-cash-machines-could-mass-hacked-global-cyber-attack-fbi-warns/
By: Natasha Bernal
13 AUGUST 2018 • 2:06PM
Banks have been warned of an imminent threat that their cash machines could be mass-hacked by cyber criminals.
In a confidential alert on Friday, America's Federal Bureau of Investigation told international banks that criminals are plotting a concerted global malware attack on cash machines in the next few days.
The FBI issued a warning about a highly choreographed fraud scheme known as an ATM "jackpotting", in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to take out millions in just a few minutes.
UK-based banks with large international operations, such as HSBC and Barclays, are among those thought to have been made aware of the...
(Excerpt) Read more at telegraph.co.uk ...
If they are running Windows on those ATMs they are asking for it.
Or is the FBI just looking to deflect attention from the growing Peter Strzok sh**storm?
Inquiring minds want to know.
LOL, I am LITERALLY on a call with one of our client banks about this very notice.
If they’re going to start spitting out free money, let me know when and where...
Please let us know what the consensus is.
Well, what was the final outcome of the meeting?
They must have an army of crooks already to go? I mean, if banks only put a few thousand in each machine and the withdrawal limits are $500/day, how many crooks and how many atms's would need to be targeted...hundreds?
I have a $500 daily limit on ATM withdrawal. Would withdrawing this amount just after midnight until the problem is settled give you immunity?
Mostly the bank needs to review the controls in place and establish a process that more quickly detects changes to account / system authorizations.
Just standing here next to an ATM and waiting for that cash to start shooting out...
Good timing FBI!!! I’ve completely forgotten about all the corruption going on within your “organization”!!! ~sarc
The problem is that in part of the attack the card processors are compromised as well, eliminating daily limits, fraud alerts, and even PINs making the criminals job much easier.
And a day later, the paper money will be worthless.
From the description, the hack is at the card processor, not the ATM
I guess its time to learn about Hacking.
Mostly the bank needs to review the controls in place and establish a process that more quickly detects changes to account / system authorizations.
Further detail from Krebs:
https://krebsonsecurity.com/2018/08/fbi-warns-of-unlimited-atm-cashout-blitz/
FBI Warns of ‘Unlimited’ ATM Cashout Blitz
The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.
“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” reads a confidential alert the FBI shared with banks privately on Friday.
The FBI said unlimited operations compromise a financial institution or payment card processor with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert continues. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
Organized cybercrime gangs that coordinate unlimited attacks typically do so by hacking or phishing their way into a bank or payment card processor. Just prior to executing on ATM cashouts, the intruders will remove many fraud controls at the financial institution, such as maximum ATM withdrawal amounts and any limits on the number of customer ATM transactions daily.
The perpetrators also alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM.
“The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores,” the FBI warned. “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”
Virtually all ATM cashout operations are launched on weekends, often just after financial institutions begin closing for business on Saturday. Last month, KrebsOnSecurity broke a story about an apparent unlimited operation used to extract a total of $2.4 million from accounts at the National Bank of Blacksburg in two separate ATM cashouts between May 2016 and January 2017.
In both cases, the attackers managed to phish someone working at the Blacksburg, Virginia-based small bank. From there, the intruders compromised systems the bank used to manage credits and debits to customer accounts.
The 2016 unlimited operation against National Bank began Saturday, May 28, 2016 and continued through the following Monday. That particular Monday was Memorial Day, a federal holiday in the United States, meaning bank branches were closed for more than two days after the heist began. All told, the attackers managed to siphon almost $570,000 in the 2016 attack.
The Blacksburg bank hackers struck again on Saturday, January 7, and by Monday Jan 9 had succeeded in withdrawing almost $2 million in another unlimited ATM cashout operation.
The FBI is urging banks to review how they’re handling security, such as implementing strong password requirements and two-factor authentication using a physical or digital token when possible for local administrators and business critical roles.
Other tips in the FBI advisory suggested that banks:
-Implement separation of duties or dual authentication procedures for account balance or withdrawal increases above a specified threshold.
-Implement application whitelisting to block the execution of malware.
-Monitor, audit and limit administrator and business critical accounts with the authority to modify the account attributes mentioned above.
-Monitor for the presence of remote network protocols and administrative tools used to pivot back into the network and conduct post-exploitation of a network, such as Powershell, cobalt strike and TeamViewer.
-Monitor for encrypted traffic (SSL or TLS) traveling over non-standard ports.
-Monitor for network traffic to regions wherein you would not expect to see outbound connections from the financial institution.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.