Banks are on alert for new attacks targeting cash in ATMs after the Federal Bureau of Investigation warned U.S. lenders last week of a potential threat.
“The FBI routinely advises private industry of various cyber-threat indicators observed during the course of our investigations,” Lauren Hagee, an FBI spokeswoman, said in an emailed statement. “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”
The method, known as jackpotting, involves installing malware on machines that causes the ATM to dispense all the money it has. Jackpotting has been around for almost a decade and is common in emerging-market countries. It differs from most cybercrime in that it requires physical access.
In what may have been the FBI’s warning coming to fruition, India’s Cosmos Co-operative Bank lost $13.5 million across 28 countries over the weekend, Reuters reported Tuesday. Cybercrime journalist Brian Krebs reported earlier on the FBI’s warning on his website, Krebs on Security.
The jackpotting warning is the latest challenge for banks as they work to protect themselves against physical and cyber attacks. Bank executives have been boosting cybersecurity budgets as the business gets increasingly digital, and consumer data becomes more vulnerable to new types of attacks.
“Protecting Citi and our clients from cyber-security threats is a critical priority for us,” Elizabeth Fogarty, a spokeswoman for New York-based Citigroup Inc., said in an emailed statement. “We are aware of the threat and are working with authorities to take preventive action to safeguard our clients.”