Cybercriminals who once earned millions by breaking into individual online bank accounts are now targeting the banks’ own computers, with often dramatic results.
In Taiwan and Thailand earlier this year, the criminals programmed bank ATMs to spew cash. Gang members stood in front of the machines at the appointed hour and collected millions of dollars.
Earlier this month, the Federal Bureau of Investigation warned U.S. banks of the potential for similar attacks. The FBI said in a bulletin that it is “monitoring emerging reports indicating that well-resourced and organized malicious cyber actors have intentions to target the U.S. financial sector.”
A spokeswoman for First Commercial 2892, +0.91% confirmed that the bank’s ATM systems were attacked in July. Investigators now believe that the criminals broke into computers at First Commercial’s London office on May 31. Once inside the network, the criminals sent a malicious software update to the company’s 41 PC1500 ATMs, built by Wincor Nixdorf AG WIN, -0.45% of Germany. After testing their system on July 9, they instructed the ATMs to empty their cash-carrying cassettes the next day. Wincor Nixdorf didn’t return messages seeking comment.