Banks are on alert for new attacks targeting cash in ATMs after the Federal Bureau of Investigation warned U.S. lenders last week of a potential threat.
“The FBI routinely advises private industry of various cyber-threat indicators observed during the course of our investigations,” Lauren Hagee, an FBI spokeswoman, said in an emailed statement. “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”
The method, known as jackpotting, involves installing malware on machines that causes the ATM to dispense all the money it has. Jackpotting has been around for almost a decade and is common in emerging-market countries. It differs from most cybercrime in that it requires physical access.
In what may have been the FBI’s warning coming to fruition, India’s Cosmos Co-operative Bank lost $13.5 million across 28 countries over the weekend, Reuters reported Tuesday. Cybercrime journalist Brian Krebs reported earlier on the FBI’s warning on his website, Krebs on Security.
The jackpotting warning is the latest challenge for banks as they work to protect themselves against physical and cyber attacks. Bank executives have been boosting cybersecurity budgets as the business gets increasingly digital, and consumer data becomes more vulnerable to new types of attacks.
“Protecting Citi and our clients from cyber-security threats is a critical priority for us,” Elizabeth Fogarty, a spokeswoman for New York-based Citigroup Inc., said in an emailed statement. “We are aware of the threat and are working with authorities to take preventive action to safeguard our clients.”
Debit Card Chips
American debit cards are now on the same chip-and-PIN system as the rest of the world, a game changer for criminals trying to gain unauthorized access to the cash locked in ATMs in the U.S. Until recently, scammers could attach a fake card reader to the machines and steal the card and PIN numbers from anyone who swiped.
ATM jackpotting is more difficult. It requires scammers to install malware on the computer that governs the cash dispenser to tell it to release all its cash. This usually means physically breaking into the machine.
Consumers in the U.S. are protected by “zero liability” policies covering losses from fraud. Banks typically have insurance against cyberattacks and build some loss from fraud into their reserves
Was this article valuable?
Here are more articles you may enjoy.