Banks have been put on high alert for new attacks that target cash at ATMs, after U.S. banks were warned last week by the Federal Bureau of Investigation of potential threats.
Routinely FBI advises private industry about different cyber-threat indicators it observed during its investigations, said a spokesperson for the FBI. The data, the spokesperson added, is provided as a way to help the systems administrators to guard against the persistent actions of cyber criminals.
The method being warned about is “jackpotting,” which involves the installation of malware on the machines that causes the ATM to dispense all of the cash it has. Jackpotting is not new as it’s been around close to 10 years and is more and more common in emerging market regions. If is different from most other cybercrimes as physical access is required.
Over this past weekend, Cosmos Co-operative Bank in India is said to have lost more than $13.5 million in 28 countries. Brian Krebs the Cybercrime journalist reported on the warning by the FBI earlier on his Krebs on Security site.
The warning about jackpotting is the most recent challenge facing banks as they attempt to protect themselves against both cyber and physical attacks.
Bank executives have boosted their budgets for cybersecurity as their business overall becomes more and more digital and consumers data becomes that much more vulnerable to the latest forms of attack.
One spokesperson for Citigroup said that protecting the bank and its clients from threats from cyberattacks is a critical priority for the bank, adding that the bank is aware of the latest threat and is working with law enforcement authorities to take all the preventative action necessary to safeguard customers.
Debit cards in the U.S. are now on the same system of chip-and-PIN as the remainder of the world, which changes things for those trying to gain access that is unauthorized to cash in ATMs across the U.S.
ATM jackpotting is tougher than placing a fake card reader on a device. It requires the criminals to install a malware on the computer that runs the cash dispenser to send it a signal to release its full amount of cash. That means the machine usually must be broken into.