Last week, the U.S. FBI warned all financial institutions that a large number of ATMs are being targeted by fraudsters to withdraw large sums of currency, as Krebs on Security has reported. The confidential notice was reportedly shared with banks on Aug. 10.
Commenting on the advisory issued by the FBI, Kimberly Goody, Manager, Financial Crime at FireEye, said, “Details about the tactics, techniques, and procedures used in this incident are still emerging, and we cannot independently corroborate which incident is directly tied to the FBI notification. Multiple sophisticated criminal organizations that are currently active have previously conducted network-based ATM attacks (aka logical attacks), including TEMP.MetaStrike (aka Cobalt Group) and MoneyTaker.”
“This type of ATM exploitation operation requires expertise in social engineering campaigns, network infiltration, and financial institution protocols; however, when successfully conducted, the operations allow more lucrative cash-out operations compared to operations where malware is physically installed on individual ATMs. Due to the potential for significant profits from these operations, coupled with the growing number of ATMs globally, we are highly confident that threat actors will continue to target financial organizations, taking advantage of any gaps in security controls, in order to perform large-scale cash-out operations for the foreseeable future,” Goody concluded.