Cybercriminals are getting ready for a big payday.

Last week, the FBI warned banks that criminals are gearing up to execute a global bank heist in the coming days, according to security blog Krebs on Security. The scheme, known as "ATM cash-out," involves hacking banks or payment card processors, cloning cards, and using them to withdraw millions of dollars across the world in a few hours. The FBI did not immediately respond to a request for comment.

The alert said the agency had procured information indicating an attack was imminent and that it was likely an "unlimited operation," which uses malware to exploit network access and get customers' card information at a large scale. Once the criminals get the card data, they create fraudulent copies using reusable magnetic strip cards (like gift cards) and hit the ATMs.

"Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities," reads the confidential alert, which was sent to banks last Friday. "The FBI expects the ubiquity of this activity to continue or possibly increase in the near future."

The alert urges banks to review their security systems and use two-factor authentication with a physical or digital token. Other tips include monitoring and limiting administrator and business accounts with the authority to modify typical fraud controls like maximum withdrawal amounts and number of daily ATM transactions.

Published on: Aug 14, 2018