FBI Warns of Impending Cybercrime Against Major U.S. Banks

The Federal Bureau of Investigation has issued a warning to major banks in the U.S. of an impending cybercrime. They believe a heist called an “ATM cash-out” will take place, where cybercriminals will attempt to steal millions of dollars using cloned ATM cards to make fraudulent withdrawals.

Security researcher Brian Krebs first reported on this story after posting his findings to his blog of the supposed cybercrime. He writes, “The FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’”.

An unlimited operation takes place when hackers use malware to customer bank card information and network access, potentially resulting in a massive ATM theft like this.

The Bureau sent out an alert warning: “Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cybersecurity controls, budgets, or third-party vendor vulnerabilities.” It continues, “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”

The FBI has not commented on the specifics of the alert as of yet but has issued a statement saying, “The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cybercriminals.”

Krebs said most of these theft operations take place during the weekends, typically after the close of business on Saturday. Just recently, several operations similar to this have taken place. A heist occurred in India, with criminals absconding with $13.5 million in funds. Two intrusions took place in Blacksburg, Virginia in May 2016 and in January 2017 totaling $2.4 million.

The FBI has recommended that bank employees maintain increased security, along with strong passwords for account access and utilizing two-factor authorization. Consumers should also remain vigilant, check their accounts for any discrepancies, and activate fraud alert if they haven’t done so already.

Paul Brenda, Senior Vice President of risk and Cybersecurity policy at the American Bankers Association, told USA Today, “If they see anything they should report it. A bank would much rather hear about a potential fraudulent charge that turns out to be something that you don’t remember buying versus not hearing about that at all.” He added that if a customer is the victim of a theft of this nature “the bank is going to make you whole.”