On April 2, 2014, the Federal Financial Institutions Examination Council (FFIEC) issued notices warning financial institutions about the increase in attacks involving ATM cash-out fraud and distributed denial of service (DDoS) threats. Soon after, on May 7, 2014, the FFIEC and the Cybersecurity and Critical Infrastructure Working Group held a webinar for CEOs and senior managers of community financial institutions to raise awareness of the pervasiveness of cyber threats and to discuss the role executive leadership should play in managing those risks.
ATM cash-out fraud, dubbed “unlimited operations” by the U.S. Secret Service, involves thieves using malware to gain Web-based access to ATM control panels to increase withdrawal and geographic limits. The malware is put in place by tricking employees using social engineering techniques. Then, fast and costly withdrawals are performed using fraudulent ATM, debit, and prepaid cards obtained through other attacks, usually during holidays and weekends when monitoring is limited.
Length: 2 pages (PDF 90 kB)