Banks have been warned of an imminent threat that their cash machines could be mass-hacked by cyber criminals.
In a confidential alert on Friday, America’s Federal Bureau of Investigation told international banks that criminals are plotting a concerted global malware attack on cash machines in the next few days.
The FBI issued a warning about a highly choreographed fraud scheme known as an ATM “jackpotting”, in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to take out millions in just a few minutes.
- The FBI has sent a confidential alert to warn banks of a global ‘cash-out scheme’
- A ‘jackpotting’ scheme would see hackers use malware to take control of ATMs
- Smaller banks with less sophisticated security are said to be most vulnerable
America’s intelligence chiefs have warned banks of a major hacking threat to cash machines worldwide in the next few days.
The FBI sent out a confidential alert on Friday to warn that cyber criminals are planning a global ‘cash-out scheme’ using malware to take over ATMs and steal millions of dollars.
Banks were warned that they could fall victim to an ‘unlimited operation’ in which millions of dollars could be withdrawn from cash machines.
Smaller banks with less sophisticated security systems are thought to be most vulnerable to an attack using the ‘jackpotting’ technique, the Daily Telegraphreports.
The warning said: ‘The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach.’
The website Krebs On Security reported that criminals could create ‘fraudulent copies’ of bank cards by installing their data on reusable magnetic strip cards.
The FBI warned that ‘at a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.’
‘Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,’ the alert said.