British banks have been warned their ATMs could be targeted by cyber criminals as part of a coordinated global mass-hack.
A confidential alert from the FBI told international banks that criminals are plotting a concerted global malware attack on cash machines “in the coming days”.
According to the Daily Telegraph, this could take the form of a “highly choreographed fraud scheme” known as an ATM “jackpotting”, in which thieves hack a bank or payment card processor and use cloned cards at cash machines around the world to take out millions in just a few minutes.
Andrew Bushby, UK director at Fidelis Cybersecurity, told the paper that UK banks “are a likely target – and this latest ‘ATM cash-out blitz’ will no doubt send shockwaves to financial institutions”.
While UK-based banking giants such as Barclays and HSBC were made aware of the threat, it is believed that smaller, independent banks are most at risk as criminals are more likely to target banks that issue debit cards but tend to have less stringent security systems.
Krebs on Security says that organised cybercrime gangs that coordinate unlimited attacks “typically do so by hacking or phishing their way into a bank or payment card processor. Just prior to executing on ATM cashouts, the intruders will remove many fraud controls at the financial institution, such as maximum ATM withdrawal amounts and any limits on the number of customer ATM transactions daily”.
The security blog says virtually all ATM cashout operations are launched on weekends, often just after financial institutions begin closing for business on Saturday.