Posted on August 17, 2018 at 6:45 AM
“ATM Cashout” Scheme Targets Bank in India
It seems that no one is immune to being hacked by cybercriminals. Cosmos Bank in India has reported that it was hacked over the weekend by cybercriminals. It has been reported that an estimated $13.4 million was stolen from the bank’s customers.
What Caused the Attacks?
The bank’s credit card payment system was infected with malware initially. This allowed the hackers to use a fake credit card to make multiple ATM withdrawals simultaneously in approximately 28 countries around the world. It also gave the hackers the ability to approve transactions and access customer accounts.
The cybercriminals were, then, able to implement a false SWIFT money transfer to empty the ATMs. The attacks were completed in two phases. In total, close to 15,000 transactions were completed over a seven-hour period in the first phase on Saturday. On Monday, almost $2 million of the money was reportedly transferred to a Hong Kong bank account during the second phase. At the time of this writing, no one has claimed responsibility for the cyber-attacks.
What is an ATM Cashout?
According to Brian Krebs, the Federal Bureau of Investigations (FBI) issued an advanced warning to American banks stating that a cyber-attack was imminent. At the time of the report, the name of the bank was not disclosed. However, it was disclosed that the potential attack was resulting from a data breach at a card issuer. The name of the card issuer was not disclosed.
Krebs reported that the “highly choreographed, global fraud scheme” is known as “ATM cashout.” During the process, a bank’s vulnerabilities are identified, and the hackers will remove the bank’s systems that provide fraud control. By using this approach, the hackers can make changes to account balances or internal security and fraud preventive measures. Once these are removed, the hackers will have unlimited access to client accounts and the bank’s ATM network.
How Can Banks Prevent a Recurrence in the Future?
The FBI suggests that banks review their standard operations procedures for ensuring that security measures are adequate. Some of the suggestions include: requiring clients to provide stronger passwords and using two-factor authentication methods. In addition to these security measures, the FBI also suggested using multiple authentication procedures with data information known only to the account holders.
Some other security measures would also include strengthening their internal systems to protect against the infiltration of malware and other digital methods used to cause cyber-attacks. Banks will also need to become more responsible for increasing the frequency of reviewing their quality control and auditing measures.
With the increase of technological advances, the recent activity only appears to be the beginning of what could be a widespread problem. Cyber-criminals are showing no signs of slowing down their criminal activity. At this point, one can only question just how secure the financial institutions are and whether the recent attacks will cause them to focus more on client protection and eliminating systemic vulnerabilities.
