Banks across the world brace for ATM hacks after FBI issues shocking warning of cybercriminal threat
Intelligence officials in the US have sent out warnings to banks across the world after they received a massive threat from hackers to cash machines (ATMs). The FBI sent out a confidential alert to banks on August 10 warning them that cybercriminals are plotting a planet-wide "cash-out scheme" that uses malware to take control of ATMs and potentially steal millions of dollars from regular taxpayers. The banks were also warned that they could end up being the victims of an "unlimited operation" where millions of dollars could end up being withdrawn from ATMs. Smaller banks which have security measures that are not as advanced as bigger ones are the ones most at risk of an attack that uses the "jackpotting" technique.
The Daily Telegraph reported that the FBI warning to the banks said: "The FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach."
A website called Krebs on Security reported that the cybercriminals could make "fraudulent copies" of cards issued by banks by simply installing the data on these cards to reusable magnetic strip cards. The FBI has stated that "at a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards". The alert also said: "Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cybersecurity controls, budgets, or third-party vendor vulnerabilities."
Cyber attacks could affect banks around the globe with certain British banks which have major interest abroad, like Barclays and HSBC, being a couple of the major banks that have been informed of the danger posed by the "jackpotting" technique. It was revealed earlier in the year that a coordinated group of cybercriminals had managed to steal more than $1 million by taking over ATMs in the US.
Officials said in January that the rash of attacks represent the first time that widespread jackpotting activity has happened on US soil. The heists all involved ATMs being made to shoot out money rapidly and have taken place in the US stretching from the Gulf Coast to New England.
An alert that had been issued by ATM makers at that time had said that the method the criminals were using included gaining physical access to the machine, replacing the hard drive inside, and using an industrial endoscope to push a button inside that is required to reset the ATM. An alert that was sent out by the US Secret Service to banks in January this year had said that ATMs that were still running on Windows XP were at more risk and urged ATM makers to update their systems to Windows 7 to protect themselves against the attack.
Hackers have since moved from stealing payment card numbers and online banking information to hacks that will bring them more money on bank networks. This gives them access to ATM machines as well as electronic payment networks. It was reported in 2016 that the cybercriminals had attacked ATMs in more than a dozen countries in Europe and this was all done remotely.