FBI Warned Of ATM Cash-Out Fraud Scheme Targeting Banks Globally – Has It Begun?

Amidst all the ATM hacks and malware attacks, this time, a larger campaign has been flagged as a threat. Reportedly, FBI warns of a ATM Cash-out fraud scheme that could target banks around the world. Consequently, the attackers may conduct fraudulent transactions through cloned ATM cards but on a huge scale.

FBI Warns Of ATM Fraud Scheme Spreading Globally

As reported by KrebsOnSecurity, FBI warns of ATM fraud scheme that could affect the banks globally. Allegedly, the campaign includes everything from the attackers hacking banks to conducting fraudulent transactions and money withdrawals through cloned ATM cards. FBI names the scheme as “ATM Cashout”.

Reportedly, FBI has shared a private notification with the banks on Friday, alerting them about the potential ATM fraud scheme. It states,

“FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days. Likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.”

According to FBI, this ‘unlimited operation’ includes breaching customers’ data from financial institutions via malware attacks or exploiting network access. As a result, the attackers could steal money largely via ATMs.

Stating further about the possible actions of the attackers, the notification reads,

“The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”

For successful thefts, the attackers may alter account balances and may even alter security measures that cap money withdrawals via ATMs. Thus, making it possible to steal large amounts of money.

Has The Campaign Begun Targeting Banks?

The FBI reportedly sent alerts to the banks on Friday (August 10, 2018). Surprisingly, the next day, reports surfaced online about fraudulent transactions from the Cosmos Bank’s ATMs in three different countries.

According to the news sources, the India-based Cosmos Bank faced suffered a massive cyber attack, losing Rs. 94 Crores (over $13 Million Dollars) in two days. On August 11, 2018, and August 13, 2018 (one and three days after FBI’s warning, respectively), some unknown attackers transferred the amount from 25 ATMs located in three different countries, Canada, Hong Kong, and India.

The Pune, India based bank faced a malware attack that allowed the attackers to carry out thousands of transactions on these days. According to an FIR, the attackers transferred Rs. 78 Crores (over $11 Million Dollars) out of India via more than 12,000 transactions through cloned card details on August 11, 2018. Then, on the same day, they stole Rs. 2.5 crores (approximately $355 Thousand Dollars) via 2,849 fraudulent transactions within India.  Later, on August 13, 2018, the attackers siphoned Rs. 13.92 crores (almost $2 Million Dollars) to a bank based in Hong Kong via false swift transactions.

Talking about how the attackers used cloned ATMs, a bank’s official said,

“While cloning the Visa and Rupay debit cards of bank account holders and using a “parallel” system to the National Payment Corporation of India (NPCI), the hackers self-approved the transactions and withdrew over Rs. 94 crores on two to three occasions.”

Considering the enormity of the first incident after FBI’s warning, it is indeed difficult to foresee the losses the banks might suffer in this ATM fraud campaign and how they plan to protect themselves.

Let us know your thoughts in the comments section.

Related posts

ZenHammer Memory Attack Exploits Rowhammer Against AMD CPUs

Sign1 Malware Targeted Over 2500 WordPress Sites In Recent Campaign

Unsaflok Flaws Allow Unlocking Saflok Door Locks With Forged Cards