Financial institutions are urged to take steps to protect themselves

Apr 4, 2014 18:36 GMT

The Federal Financial Institutions Examination Council (FFIEC) is warning financial institutions that their automated teller machines (ATMs) might be targeted by cybercriminals. The regulator is also warning banks about distributed denial-of-service (DDoS) attacks on their websites.

The organization has published advisories for both types of attacks. They describe the steps that need to be taken to prevent such incidents.

FFIEC warns that cybercriminals are increasingly targeting the web-based ATM control panels used mainly by small and medium-sized financial institutions. The regulator wants companies not only to take measures to prevent such attacks but also to implement incident response programs.

According to the LA Times, ATM attacks rely on a piece of malware designed to obtain the online ATM control panel login credentials from employees. Once they gain access to these control panels, cybercriminals can change the amount of money that customers can withdraw, alter geographic usage limits, and even tamper with fraud reporting mechanisms.

After everything is configured in the ATM control panel, the crooks create fraudulent cards with information stolen through separate attacks.

As far as DDoS attacks are concerned, FFIEC says that institutions should include DDoS readiness in their information security and incident plans. Organizations should monitor traffic to their websites and activate the response plan if DDoS traffic is identified.