Unlimited money withdrawal from ATM: new hacking attack

Financial institutions have already been warned

The Federal Bureau of Investigation (FBI) is warning the cyber security teams of banking institutions that hacker groups are preparing to carry out a highly coordinated global fraud scheme known as an “ATM cash out”, in which a bank or payment card processor is compromised and cloned cards are used at ATMs around the world to fraudulently withdraw millions of dollars in just a few hours.

“The FBI has collected reports indicating that hacker groups plan to carry out an ATM cash withdrawal scheme in the next few days, probably associated with a security breach against a card issuer”, says a statement from the agency.

The FBI says that, to carry out the cash-out operation, the attackers would compromise a financial institution with malware to access the bank’s customer card information and exploit their access to the network, which would enable large-scale theft from ATMs.

Organized cybercrime groups that coordinate these attacks usually gain entry through phishing campaigns against banks, which they use to plant malware. Just before the ATM withdrawals begin, the intruders remove the financial institution’s anti-fraud controls, such as maximum ATM withdrawal amounts and any limit on the number of ATM transactions a customer can perform in a single day. The attackers also alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing a quick cash out.
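One way a bank's monitoring team could detect the pattern described above, as an added example that is not from the FBI statement or the original article: correlate administrative changes that remove or raise ATM limits with a burst of withdrawals that follows. The log layouts, field names, thresholds and sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the page). Audit rows: time, account,
# control changed, old value, new value. "none" means the limit was removed.
CONTROL_CHANGES = [
    ("2024-01-06T01:02:00", "acct-1001", "daily_withdrawal_limit", "500", "none"),
    ("2024-01-06T01:03:00", "acct-1001", "daily_txn_count_limit", "5", "none"),
    ("2024-01-06T01:04:00", "acct-1001", "balance_adjustment", "120", "950000"),
    ("2024-01-05T14:00:00", "acct-2002", "daily_withdrawal_limit", "500", "400"),
    ("2024-01-06T09:00:00", "acct-3003", "daily_withdrawal_limit", "500", "1000"),
]
# Constructed ATM authorization rows: time, account, ATM country, amount.
WITHDRAWALS = [
    ("2024-01-06T01:30:00", "acct-1001", "US", 800),
    ("2024-01-06T01:31:00", "acct-1001", "CA", 800),
    ("2024-01-06T01:33:00", "acct-1001", "GB", 1000),
    ("2024-01-06T01:40:00", "acct-1001", "US", 800),
    ("2024-01-05T15:00:00", "acct-2002", "US", 100),
    ("2024-01-06T12:00:00", "acct-3003", "US", 900),
]

def weakened(old, new):
    """True if a limit was removed or raised, or a balance was adjusted upward."""
    return new == "none" or (old != "none" and float(new) > float(old))

def find_cash_out_candidates(changes, withdrawals,
                             window=timedelta(hours=6), min_withdrawals=3):
    """Flag accounts with a weakened control followed by a withdrawal burst."""
    first_change = {}
    controls = defaultdict(set)
    for ts, acct, control, old, new in changes:
        if weakened(old, new):
            t = datetime.fromisoformat(ts)
            first_change[acct] = min(t, first_change.get(acct, t))
            controls[acct].add(control)
    alerts = []
    for acct, start in sorted(first_change.items()):
        # Withdrawals inside the window that opens at the first weakened control.
        burst = [(c, amt) for ts, a, c, amt in withdrawals
                 if a == acct and start <= datetime.fromisoformat(ts) <= start + window]
        countries = {c for c, _ in burst}
        if len(burst) >= min_withdrawals or len(countries) > 1:
            alerts.append({"account": acct, "controls": sorted(controls[acct]),
                           "withdrawals": len(burst), "countries": sorted(countries),
                           "total": sum(amt for _, amt in burst)})
    return alerts

if __name__ == "__main__":
    for alert in find_cash_out_candidates(CONTROL_CHANGES, WITHDRAWALS):
        print(alert)
```

A single raised limit followed by one withdrawal (acct-3003 in the sample) does not alert; the signal is the combination of a weakened control and a multi-transaction or multi-country burst.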

“Hackers often create fraudulent copies of legitimate cards by collecting data”, warn FBI cyber security specialists. “Later, other members of the criminal network withdraw funds from ATMs”.

Nearly all ATM cash-out operations take place on weekends. Last month, apparent cash-out operations were disclosed in which a total of $2.4M USD was extracted from Blacksburg National Bank accounts in two separate withdrawals from ATMs between May 2016 and January 2017.

In both cases, the hackers managed to deceive an employee of the small bank based in Blacksburg, Virginia. From there, the attackers compromised the systems that the bank used to manage the credits and debits in its customers’ accounts.

The FBI is urging banks to review their cyber security measures, such as implementing strong password requirements and two-factor authentication using a physical or digital token when possible.

According to reports from cyber security experts at the International Institute of Cyber Security, the FBI estimates that the attack will begin in the coming days.