News & Comment: FBI Warns of ‘Unlimited’ ATM Cashout Blitz — Krebs on Security

NEWS: The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.



COMMENT: Jonathan Sander, CTO, STEALTHbits Technologies:

“The scariest thing about these FBI advisories to banks and other organizations isn’t the idea of the bad guys doing bad things, it’s the advice they are giving the good guys. All the advice the FBI gives sounds like the basics of an effective cybersecurity program. That is no reflection on the FBI, though. They are saying what they feel needs to be said based on the controls they see in place at the banks they are advising. To imagine that security pros at a bank can’t force IT to have strong password policies and two factor for administrative users is very shocking. In a world with breaches in the news nearly as often as presidential tweets, how can anyone argue against strong security for the more privileged users in the system?”