The FBI is taking steps to ensure that banks are fully aware of a new fraud called ARM Cash-out. It involves the use of malware that attackers use to compromise a bank or payment card processor. They then disable the fraud controls and withdraw huge sums of money with cloned bank cards.
The Federal Bureau of Investigation reportedly sent out an alert to banks last week informing that it has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.”
The attackers need access to a financial institution’s system before they can change the account balances and disable maximum ATM withdrawal amounts as well as transaction limits. This enables them to quickly take out cash from ATMs with cloned bank cards.
This fraudulent scheme has been put to use in recent years. Attackers stole almost $2.4 million from The National Bank of Blacksburg through two attacks in 2016 and 2017. Banks have been encouraged by the FBI to adopt more stringent security measures which include tougher password requirements and two-factor authentication. They have also been advised to improve network monitoring to ensure that an attack can be flagged in a timely manner.
Filed in .. Source: krebsonsecurity