The Federal Financial Institutions Examination Council (FFIEC) is warning financial institutions that their automated teller machines (ATMs) might be targeted by cybercriminals. The regulator is also warning banks about distributed denial-of-service (DDOS) attacks on their websites.
The FFIEC has published advisories for both types of attacks. They describe the steps that need to be taken to prevent such incidents.
FFIEC warns that cybercriminals are increasingly targeting the web-based ATM control panels used mainly by small and medium-sized financial institutions. The regulator wants institutions not only to take measures to prevent such attacks, but also to implement incident response programs.
According to the LA Times, ATM attacks rely on a piece of malware designed to obtain the online ATM login credentials from employees. Once they gain access to these control panels, cybercriminals can change the amount of money that customers can withdraw and the geographic usage limits, and they can even tamper with fraud reporting mechanisms.
As far as DDOS attacks are concerned, FFIEC says that institutions should include DDOS readiness in their information security and incident plans. Organizations should monitor traffic to their websites and activate the response plan if DDOS traffic is identified.