By Barry Eitel
A cyberattack on an Indian bank announced Tuesday follows a scheme predicted by an alert from the Federal Bureau of Investigation (FBI).
Cosmos Bank said hackers stole about $13.5 million in a matter of minutes over the weekend from withdrawals in 28 countries in an ATM cash-out attack.
“The transactions were carried out using fake debit cards,” Cosmos Bank Chairman Milind Kale said in a statement. “The deposit of account holders is safe and intact. However, as a precautionary measure, we have stopped the online system for two days.”
The FBI warned banks of a potential coordinated cyberattack aimed at ATMs around the globe, cybersecurity blog Krebs on Security announced.
The bureau issued an alert that cybercriminals are planning an attack on payment card processors and banks, security researcher Brian Krebs said. The hackers were expected to clone debit cards and use them at ATM machines around the world at the same time in order to steal millions of dollars.
The scheme is known as an ATM cash-out.
“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” said the confidential FBI alert cited by Krebs. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
The stolen debit card data can be imprinted on certain cards with magnetic strips, like gift cards for major retailers. Once altered, the cards can be used at unprotected ATMs to pull out money.
“At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards,” the alert says.
The FBI believes the cash-out could occur within several days. Apparently, similar hacks have usually been committed on the weekends or holidays when banks are closed.
In July, the First National Bank of Blacksburg, a small bank headquartered in Virginia, announced it had been the victim of an ATM cash-out. The bank reported that hackers had stolen $2.4 million following two separate cash-out operations in 2016 and 2017. The hackers apparently accessed the bank’s sensitive data by hacking into an employee’s accounts.
The FBI did not comment on the leaked alert or if the Cosmos Bank hack was related to the alert.Anadolu Agency website contains only a portion of the news stories offered to subscribers in the AA News Broadcasting System (HAS), and in summarized form. Please contact us for subscription options.