The US Federal Bureau of Investigation (FBI) has sent banks an alert about the threat of a coordinated jackpotting attack that could reach the entire world. Cybercriminals would install malware on ATMs and on credit and debit card processors in order to clone cards and make fraudulent withdrawals all at the same time. According to the statement, issued privately last Friday (10), the attack is said to be planned "for the next few days".
The offensive is called an "unlimited operation" because the criminals remove the limits on the bank account and on the number of transactions in order to withdraw large amounts of money at once. The FBI note was published by KrebsOnSecurity, a site maintained by security expert Brian Krebs.
The malware is usually installed on ATMs through hacking or phishing. Once on the machine, the program removes the fraud controls set by the financial institution, such as a customer's maximum withdrawal amount and number of withdrawals per day.
The malware captures the account information and also changes the available balance, making it unlimited. From there, the data is sent to other criminals, who encode the information onto reusable magnetic-stripe cards, such as gift cards bought at retail stores.
The mass withdrawals are made with these cloned cards at a predetermined time. The operations are commonly carried out on weekends, after banks close their branches. The most common targets are small and medium-sized financial institutions, which have less robust cybersecurity systems.
Recorded unlimited attacks
According to KrebsOnSecurity, $2.4 million was withdrawn from National Bank accounts in Blacksburg, Virginia, apparently using the scheme described by the FBI. The first attack began on May 28, 2016, a Saturday, and continued until the following Monday, which was a public holiday. In that action, the cybercriminals took nearly $570,000.
On January 7 this year, again a Saturday, the criminals repeated the scheme, which lasted until Monday the 9th. This time the losses were almost US$2 million. In both cases, access to the bank's systems was gained through phishing, and the victim was a Blacksburg employee.
The FBI asked banks to review their security systems and to implement measures such as strong passwords and two-factor authentication with a physical or digital token, if possible. In addition, the US agency recommended separating procedures or requiring dual authentication to view the account balance and make a withdrawal.
Other suggestions include creating an application whitelist to block malware from running; monitoring, auditing and limiting critical accounts, such as those of administrators and other agents who are able to change customers' banking attributes; and monitoring encrypted traffic through standard ports.
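One way to put the recommendation to monitor and audit accounts that can change customers' banking attributes into practice, as an added example that is not part of the original article or the FBI note: it correlates limit changes with later withdrawals that exceed the old limit. The event format, field names, 72-hour window and business hours are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not real data); field names are assumptions.
EVENTS = [
    {"ts": "2024-03-08T14:05", "type": "limit_change", "account": "A-100",
     "actor": "teller07", "old_limit": 500, "new_limit": 800},
    {"ts": "2024-03-09T02:11", "type": "limit_change", "account": "A-200",
     "actor": "admin02", "old_limit": 500, "new_limit": None},  # None = limit removed
    {"ts": "2024-03-09T03:00", "type": "withdrawal", "account": "A-200", "atm": "T4", "amount": 500},
    {"ts": "2024-03-09T03:20", "type": "withdrawal", "account": "A-200", "atm": "T9", "amount": 500},
    {"ts": "2024-03-09T09:00", "type": "withdrawal", "account": "A-100", "atm": "T1", "amount": 300},
    {"ts": "2024-03-10T01:00", "type": "withdrawal", "account": "A-200", "atm": "T4", "amount": 400},
]

def off_hours(t):
    """Weekend, or outside 08:00-18:00 (assumed business hours)."""
    return t.weekday() >= 5 or not 8 <= t.hour < 18

def flag_accounts(events, window=timedelta(hours=72)):
    """Flag accounts whose daily limit was raised or removed and whose
    withdrawals on some later day in the window exceeded the old limit."""
    changes = {}                 # account -> first limit-raising change seen
    daily = defaultdict(int)     # (account, date) -> amount withdrawn that day
    atms = defaultdict(set)      # account -> ATMs used after the change
    for e in sorted(events, key=lambda e: e["ts"]):
        t, acct = datetime.fromisoformat(e["ts"]), e["account"]
        if e["type"] == "limit_change":
            raised = e["new_limit"] is None or e["new_limit"] > e["old_limit"]
            if raised:
                changes.setdefault(acct, {"at": t, "actor": e["actor"],
                                          "old_limit": e["old_limit"]})
        elif e["type"] == "withdrawal" and acct in changes:
            if t - changes[acct]["at"] <= window:
                daily[(acct, t.date().isoformat())] += e["amount"]
                atms[acct].add(e["atm"])
    findings = {}
    for (acct, day), total in daily.items():
        c = changes[acct]
        if total > c["old_limit"]:  # the old control would have blocked this day
            f = findings.setdefault(acct, {
                "changed_by": c["actor"], "off_hours_change": off_hours(c["at"]),
                "old_limit": c["old_limit"], "atms": sorted(atms[acct]), "days": {}})
            f["days"][day] = total
    return findings

if __name__ == "__main__":
    for acct, finding in flag_accounts(EVENTS).items():
        print(acct, finding)
```

Account A-100 is not flagged because its withdrawals stay under the previous limit; A-200 is flagged because the limit was removed on a Saturday night and the same day's withdrawals exceeded the old limit.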