The Federal Bureau of Investigation (FBI) recently warned banks that cybercriminals are poised to carry out an “ATM cash-out,” an operation that gives thieves access to untold sums of money by bypassing security measures on an ATM. If successful, the operation has the potential to be a heist unlike any we’ve ever seen.
The FBI told banks on Friday:
The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and common referred to as an ‘unlimited operation‘.
These unlimited operations compromise financial institutions or payment processors by installing malware that allows hackers to exploit network access, allowing admin-level access. Once inside, bad actors can disable fraud protection, raise maximum ATM withdrawal amounts (and transaction limits) and withdraw large sums of money. Millions, potentially.
All they’ll need to carry out the attack are debit and credit card numbers found on the dark web, and dummy cards, also known as “blanks,” to attach the numbers to.
The FBI warns:
The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.
According to KrebsOnSecurity, these attacks are almost always launched on weekends, typically after the institutions close for business on Saturday. So far, no further details are being shared and we have no timeline for when this “cash-out” may occur.