UDTSecure Threat Advisory – ‘UNLIMITED’ ATM Cashout Blitz Attacks

Threat ID: 1037985
Date: August 15th, 2018
Status: Confirmed
Impact: ‘UNLIMITED’ ATM Cashout Blitz Attacks
Security Rating: CRITICAL

Threat Overview
The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours. The attacks are expected to occur within the coming days, likely associated with an unknown card issuer breach commonly referred to as an ‘unlimited operation’.

The attacks compromise a financial institution or payment card processor with malware to access bank customer card information and exploit network access, which enables large-scale theft of funds from ATMs. The intruders typically gain their initial foothold by phishing their way into the bank or payment card processor. They usually remove fraud controls such as maximum ATM withdrawal amounts and limits on the number of customer transactions allowed daily. The cyber criminals also alter account balances and security measures so that an effectively unlimited amount of funds is available at the time of the transactions, allowing large amounts of cash to be withdrawn from ATMs quickly.

The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators, who encode the data onto reusable magnetic stripe cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.

UDTSecure Recommendations
UDTSecure Cyber Security Consultants urge our Financial Services clients to consider implementing the following security best practices, if they are not already in place, to further reduce the threat:

  • Implement separation of duties or dual authentication procedures for account balance or withdrawal increases above a specified threshold.
  • Implement application whitelisting to block the execution of malware.
  • Monitor, audit and limit administrator and business critical accounts with the authority to modify the account attributes mentioned above.
  • Monitor for the presence of remote network protocols and administrative tools used to pivot back into the network and conduct post-exploitation activity, such as PowerShell, Cobalt Strike and TeamViewer.
  • Monitor for encrypted traffic (SSL or TLS) traveling over non-standard ports.
  • Monitor for network traffic to regions wherein you would not expect to see outbound connections from the financial institution.
  • Ensure all system logs are enabled and these logs are stored for a minimum period of 90 days particularly for all mission critical systems such as AD and Database Servers.
  • Ensure all employees are on the alert for incoming emails containing misspellings in the domain name of the sender’s email address or in the content of the email itself. Instruct them not to click on any links included within the body of these messages.
  • Review the network connections, access privileges and activities of all third-party vendors considered high-risk because of the services they provide to your organization.
  • This review should apply to all third-party vendors, but priority should be given to high-risk vendors first.
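The following is an added example, not UDTSecure's code, showing what monitoring for three of the recommendations above looks like when written out: separation of duties for account-attribute increases above a threshold, TLS on non-standard ports and outbound connections to unexpected regions, and a withdrawal-velocity check that catches a cash-out blitz even after the attackers have removed the per-account limits described in the Threat Overview. All record formats, field names, thresholds, the expected-country list and the sample data are constructed for the example (TEST-NET addresses, invented account and card IDs); adapt them to your own log schema and risk appetite.

```python
"""Added example (not UDTSecure's code): flag the event types the advisory
recommends monitoring, run over constructed sample records."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed policy values (hypothetical; tune to your institution).
EXPECTED_COUNTRIES = {"US", "CA"}        # regions outbound connections are expected to reach
STANDARD_TLS_PORTS = {443, 8443}         # TLS seen on any other port is flagged
DUAL_APPROVAL_THRESHOLD = 5_000          # attribute increases at/above this need two approvers
VELOCITY_WINDOW = timedelta(hours=1)     # sliding window for ATM withdrawal velocity
MAX_WITHDRAWALS_PER_WINDOW = 3           # more than this per card per window is flagged


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    dst_country: str
    tls: bool            # True when the sensor identified a TLS handshake


@dataclass(frozen=True)
class AttributeChange:
    account: str
    field: str           # e.g. "daily_withdrawal_limit" or "balance"
    old: int
    new: int
    approvers: tuple     # user IDs that approved the change


@dataclass(frozen=True)
class Withdrawal:
    card: str
    when: datetime
    country: str
    amount: int


def check_flow(flow):
    """Return the reasons a network flow is suspicious (empty list when clean)."""
    reasons = []
    if flow.tls and flow.dport not in STANDARD_TLS_PORTS:
        reasons.append(f"TLS on non-standard port {flow.dport}")
    if flow.dst_country not in EXPECTED_COUNTRIES:
        reasons.append(f"outbound to unexpected region {flow.dst_country}")
    return reasons


def check_attribute_change(change):
    """Separation of duties: large increases need two *distinct* approvers."""
    reasons = []
    delta = change.new - change.old
    if delta >= DUAL_APPROVAL_THRESHOLD and len(set(change.approvers)) < 2:
        reasons.append(f"{change.field} on {change.account} raised by {delta} without dual approval")
    return reasons


def check_withdrawals(withdrawals, window=VELOCITY_WINDOW, max_per_window=MAX_WITHDRAWALS_PER_WINDOW):
    """Per card, flag more than max_per_window withdrawals or withdrawals from
    more than one country inside any sliding window. Independent of the
    per-account limits an intruder may already have disabled."""
    by_card = defaultdict(list)
    for w in withdrawals:
        by_card[w.card].append(w)
    alerts = {}
    for card, ws in by_card.items():
        ws.sort(key=lambda w: w.when)
        for i, start in enumerate(ws):
            in_window = [w for w in ws[i:] if w.when - start.when <= window]
            countries = {w.country for w in in_window}
            reasons = []
            if len(in_window) > max_per_window:
                reasons.append(f"{len(in_window)} withdrawals within {window}")
            if len(countries) > 1:
                reasons.append(f"withdrawals from {len(countries)} countries within {window}")
            if reasons:
                alerts[card] = reasons
                break        # one alert per card is enough
    return alerts


# Constructed sample data (TEST-NET addresses, invented IDs, "ZZ" is a placeholder country).
FLOWS = [
    Flow("10.0.1.5", "203.0.113.7", 443, "US", True),     # clean
    Flow("10.0.1.5", "198.51.100.9", 4444, "US", True),   # TLS on a non-standard port
    Flow("10.0.2.8", "192.0.2.33", 443, "ZZ", True),      # unexpected destination region
]
CHANGES = [
    AttributeChange("acct-001", "daily_withdrawal_limit", 500, 1_000, ("alice",)),      # small, single approver ok
    AttributeChange("acct-002", "daily_withdrawal_limit", 500, 50_000, ("bob",)),       # large, single approver
    AttributeChange("acct-003", "balance", 100, 1_000_000, ("bob", "carol")),           # large, dual approved
]
T0 = datetime(2018, 8, 15, 1, 0)
WITHDRAWALS = [
    Withdrawal("card-A", T0, "US", 400),
    Withdrawal("card-A", T0 + timedelta(minutes=5), "US", 400),
    Withdrawal("card-A", T0 + timedelta(minutes=12), "BR", 400),   # same card, another country
    Withdrawal("card-A", T0 + timedelta(minutes=15), "US", 400),
    Withdrawal("card-A", T0 + timedelta(minutes=20), "US", 400),
    Withdrawal("card-B", T0 + timedelta(hours=8), "US", 100),      # normal usage
    Withdrawal("card-B", T0 + timedelta(hours=13), "US", 60),
]


def run_all():
    """Collect every alert from the sample data; returns (flow_alerts, change_alerts, card_alerts)."""
    flow_alerts = {f.dst: check_flow(f) for f in FLOWS if check_flow(f)}
    change_alerts = {c.account: check_attribute_change(c) for c in CHANGES if check_attribute_change(c)}
    return flow_alerts, change_alerts, check_withdrawals(WITHDRAWALS)


if __name__ == "__main__":
    for group in run_all():
        for key, reasons in group.items():
            print(key, "->", "; ".join(reasons))
```

The velocity check deliberately does not consult the account's configured withdrawal limit, because the advisory notes that intruders remove exactly those controls; a monitor that trusts the same attributes the attacker has edited will stay silent. In production the three checks would read from your flow sensor, core-banking audit log and ATM switch respectively, and the alerts would go to the SOC rather than stdout.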

If you suspect you’ve been the target of this attack, please call us immediately at 1-800-882-9919 and speak to one of our Cyber Security Consultants.


Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:

RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they are not infected.
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.
