Krebs On Security Gets the Memo
Here’s what the FBI is telling banks in a confidential alert (via Krebs On Security, which first reported the warning):
“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation.’”
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities.”
“The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”
ATM Cash Out: Potential Anatomy of the Hacker Attacks
According to Krebs, the attackers will first remove some fraud controls, such as maximum withdrawal amounts and restrictions on the number of ATM transactions, and may modify account balances, just before springing the “cash out.” The FBI is recommending banks add these precautions (via Krebs):
- Strong password requirements and two-factor authentication.
- Separation of duties or dual authentication procedures for account balance or withdrawal increases above a specified threshold.
- Application whitelisting to block the execution of malware.
- Monitor, audit and limit administrator and business critical accounts with the authority to modify the account attributes mentioned above.
- Monitor for the presence of remote network protocols and administrative tools used to pivot back into the network and conduct post-exploitation of a network.
- Monitor for encrypted traffic traveling over non-standard ports.
- Monitor for network traffic to regions wherein you would not expect to see outbound connections from the financial institution.
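As an added illustration (not code from the FBI alert or from Krebs On Security), here is one way a bank could audit account-attribute changes for the two precautions about dual authentication and monitoring of privileged changes. The record layout, attribute names, thresholds and 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed per-attribute thresholds: larger increases need a second approver.
THRESHOLDS = {"daily_withdrawal_limit": 1000, "daily_txn_count_limit": 10, "balance": 10000}

# Constructed audit trail: (time, actor, approver, account, attribute, old, new).
# new=None on a limit attribute means the limit was removed (assumed convention).
SAMPLE = [
    ("2018-08-10T09:15:00", "teller3", "mgr1", "A-100", "daily_withdrawal_limit", 500, 800),
    ("2018-08-10T22:01:00", "admin7", None, "A-200", "daily_withdrawal_limit", 500, None),
    ("2018-08-10T22:02:00", "admin7", "admin7", "A-200", "daily_txn_count_limit", 5, None),
    ("2018-08-10T22:04:00", "admin7", None, "A-200", "balance", 120, 250000),
    ("2018-08-11T10:00:00", "teller3", "mgr1", "A-300", "balance", 900, 20900),
]

def review(events, thresholds=THRESHOLDS, window=timedelta(minutes=30)):
    """Return (account, rule, attribute) findings for risky account-attribute changes."""
    findings, relaxed = [], {}
    for ts, actor, approver, acct, attr, old, new in sorted(events, key=lambda e: e[0]):
        if attr not in thresholds:
            continue
        removed = attr != "balance" and new is None
        raised = new is not None and new - old > thresholds[attr]
        if not (removed or raised):
            continue  # small change below the threshold: out of scope here
        when = datetime.fromisoformat(ts)
        # Dual authorization: a second, different person must have approved.
        if approver is None or approver == actor:
            findings.append((acct, "no_dual_auth", attr))
        if attr == "balance":
            # Balance inflated shortly after a fraud limit was relaxed on the same account.
            if any(when - t <= window for t in relaxed.get(acct, [])):
                findings.append((acct, "limit_then_balance", attr))
        else:
            relaxed.setdefault(acct, []).append(when)
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The second rule fires even when every change was properly approved, because a limit relaxation followed by a large balance increase on one account is the sequence the article describes just before a cash-out.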