October 05, 2018

FIs warned of another ATM cash-out scheme

atmThe FBI, Department of Homeland Security (DHS) and Treasury Department on Thursday alerted U.S. financial institutions of another ATM cash-out campaign they're identifying as "FASTCash." The sophisticated, cyber-enabled campaign has been linked to North Korea. It has been active since late 2016 and allows hackers to steal tens of millions of dollars in cash.

Most of the FASTCash attacks have targeted banks in Africa and Asia; there have been no confirmed FASTCash incidents affecting U.S. institutions. However, the agencies released the joint technical alert and distributed the malware indicators proactively to help financial institutions bolster network defenses and reduce exposure to malicious cyber activity.

Federal agencies have issued a number of warnings to financial institutions in recent months warning of fraudulent activity at ATMs.

In August, the FBI warned financial institutions of a worldwide ATM cash-out scheme. From that scheme, India-based Cosmos Bank disclosed that on Aug. 11 hackers stole nearly $2 million in fraudulent bank transfers and $11.5 million in authorized ATM withdrawals.

Just last week, the Secret Service warned financial institutions about a form of ATM skimming that involves "cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM," according to a report from KrebsOnSecurity.

NAFCU remains engaged with regulators and lawmakers to establish a strong national data security standard and ensure all entities that collect and store consumers' financial information are held accountable. The association has also shared with Congress principles credit unions would like to see addressed in any comprehensive cyber and data security legislation.