Btech is the market leader in providing affordable managed IT security services for credit unions.
FBI Issues an "ATM Cashout Blitz" Warning 


Btech has recently learned about  warnings of ATM cashouts issued by the Federal Bureau of Investigation (FBI). 
 
What is an "ATM Cashout"? 

According to reports, "cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an 'ATM cashout,' in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently  withdraw millions of dollars in just a few hours.

Financial institution are compromised with malware allowing cybercriminals access to the institution's  network and customer card information. Small to medium size institutions are targeted, "likely due to less robust implementation of cuber security controls, budgets, or third party vendor vulnerabilities." 

After gaining access to a network via phishing or hacking, the intruders will remove fraud controls, alter security measures and bank balances before using copies of legitimate cards to withdraw accounts funds simultaneously. 

Cashout operations are usually launched on weekends, just after closing procedures are started. This allows criminals more time to withdraw funds.  

How can you protect your network?

The FBI provided the following tips to help keep your institution secure:
 
"The FBI is urging banks to review how they're handling security, such as implementing strong password requirements and two-factor authentication using a physical or digital token when possible for local administrators and business critical roles.

Other tips in the FBI advisory suggested that banks:
  • Implement separation of duties or dual authentication procedures for account balance or withdrawal increases above a specified threshold.
  • Implement application whitelisting to block the execution of malware.
  • Monitor, audit and limit administrator and business critical accounts with the authority to modify the account attributes mentioned above.
  • Monitor for the presence of remote network protocols and administrative tools used to pivot back into the network and conduct post-exploitation of a network, such as Powershell, cobalt strike and TeamViewer.
  • Monitor for encrypted traffic (SSL or TLS) traveling over non-standard ports.
  • Monitor for network traffic to regions wherein you would not expect to see outbound connections from the financial institution."
What now? 

Several news sources have confirmed that Cosmos cooperative bank in India was targeted this week. Using cloned cards and 25 ATMs located in Canada, Hong Kong and India, the cybercriminals made around 12,000 transactions. They stole approximately $13.5 million. 

This is another reminder that excellent IT security is a must for your credit union. As identified above, multiple layers of security are necessary to identify, correct, and protect your environment. 

Please feel free to contact me at [email protected] or 626-397-1045 if you have any questions, or if we can help in any way. 

References: 



How Secure Are Your Vendors? 

Have you ever thought to yourself, "how secure are my vendors?"

You rely on many vendors to provide a long list of services to your credit union and your members. These vendors are critical to your operations. But, are they secure? 

Btech is proud of the fact that we are SSAE-16 certified. (SOC2 Type II). We also make it easy to work with us by providing a complete vendor due-diligence package to all of our service agreement clients. 

Testimonial

"Since 2007, Santa Ana Federal Credit Union has trusted Btech for our network environment upgrades and their reliable managed security services. Btech has proven itself a rapid responder to our needs time and again; considering we have no in-house IT for day to day activities, it is clear how important their response times are to our operations. In order to keep up with changes in technology, we have implemented Btech's Mobile Device Management service in order to protect our members' personal information, as well as meet regulatory guidelines. We would recommend Btech to any credit union looking for assistance with their network security and operational needs".
 
John Hendrix
CFO
Santa Ana Federal Credit Union

Find more testimonials  HERE
Please call us today to discuss any needs that you may have or to learn more about Btech.
Sincerely, 

Lee Bird
President
626-397-1045
See what's happening on our social sites: