(Reuters) — A group of top U.S. regulators on Wednesday warned about the threat of rising cyber attacks on banks' websites and their cash machines, urging the industry to put proper measures in place to guard against fraud.
The Federal Financial Institutions Examination Council said it had seen a rise in so-called denial-of-service attacks on banks' websites, which were sometimes a cover for criminals to commit fraud.
The group described one recent case in which criminals stole $40 million from just 12 accounts — far exceeding the actual balance held by clients — in a sophisticated scheme known as an "Unlimited Operations" fraud.
Massive client data breaches at retailers Target Corp. and Neiman Marcus Group L.L.C. put focus on cyber security last month, leading banks and the retail groups to join forces to try to fix the issues.
The problems described by the FFIEC, which comprises top officials from the Federal Reserve and other bank regulators, are of a different nature, if no less harmful.
In the "Unlimited Operations" fraud, criminals may begin an attack by installing malicious software on a bank's computers through phishing emails, and then hack into control panels to raise the limits on how much a cash machine can dispense.
In the final phase, the criminals withdraw large amounts of money from a number of cash machines within four hours to two days with stolen bank cards, often on weekends because that's when there is more money in the machines.
Such operations can be accompanied by a denial-of-service attack, in which a bank's website is flooded with information requests so that it slows down or completely stops working for clients with legitimate requests.
There had been an increased number of such attacks in the latter half of 2012, the FFIEC said, though these were often also launched by politically motivated groups.