(Adds background on 2012 attacks)
By Douwe Miedema
WASHINGTON, April 2 A group of top U.S.
regulators on Wednesday warned about the threat of rising
cyber-attacks on bank websites and cash machines, urging the
industry to put proper measures in place to guard against fraud.
The Federal Financial Institutions Examination Council
(FFIEC) said it had seen a rise of so-called denial-of-service
attacks on bank websites, which were sometimes a cover for
criminals committing fraud.
The group described one recent case in which criminals stole
$40 million from just 12 accounts - far exceeding the actual
balance held by clients - in a sophisticated scheme known as an
"Unlimited Operations" fraud.
Massive client data breaches at retailers Target Corp
and Neiman Marcus Group LLC put the focus on
cybersecurity last month, leading banks and retail groups to
join forces to try and fix the issues.
The problems described by the FFIEC, which comprises top
officials from the Federal Reserve and other bank regulators,
are of a different nature, if no less harmful.
In the "Unlimited Operations" fraud, criminals might begin
an attack by installing malicious software on a bank's computers
through phishing emails, and then hack into control panels to
raise limits on how much a cash machine can dispense.
In the final phase, the criminals withdraw large amounts of
money from a number of cash machines within four hours to two
days with stolen bank cards, often on weekends because that is
when there is more money in the machines.
Such operations can be accompanied by a denial-of-service
attack, in which a bank's website is flooded with information
requests so that it slows down or completely stops working for
clients with legitimate requests.
There was an increase in such attacks in the latter half of
2012, the FFIEC said, although these were often also launched by
politically motivated groups.
In 2012, Ally financial Inc, Bank of America Corp,
Wells Fargo & Co and other banks suffered denial of
service attacks. Sources at the time told Reuters the attacks
could be part of a year-long cyber campaign waged by Iranian
hackers to protest against an anti-Islam video on the Internet.
(Reporting by Douwe Miedema. Editing by Andre Grenon, Bernard