Shielding against FASTCash ATM fraud: How INETCO BullzAI secures banking networks

On October 15, 2024, a new Linux variant of the notorious FASTCash malware was uncovered, once again highlighting the vulnerabilities in global banking systems. This malware, attributed to North Korean threat actors, has been responsible for siphoning millions of dollars from ATMs worldwide by compromising interbank payment switches. The latest version targets Linux systems, allowing attackers to manipulate transaction messages and approve fraudulent cash withdrawals.

This ATM cash-out method underscores the need for fraud detection and prevention that works at the level of the transaction messages themselves. The attackers tamper with the core of transaction processing: when a debit card is declined for insufficient funds, the malware rewrites the issuer's decline response into an approval in real time. Because the malware sits on the transaction switch, it handles the messages in the clear, after transport protection on the inbound link has been removed and before it is re-applied on the outbound link, so Transport Layer Security (TLS) or encryption on the links into and out of the switch is insufficient and can give a false sense of security. Traditional fraud detection systems have also failed to stop such schemes because they lack real-time visibility into the multi-hop details across the end-to-end transaction path, particularly at the message field level.

INETCO BullzAI, by contrast, is built precisely to detect malware-initiated man-in-the-middle attacks in real time. Here is how it strengthens your defense against attacks like FASTCash:

The FASTCash scheme: manipulating payment switches

The FASTCash malware compromises payment switches, critical components of interbank communication and payment completion. Once inside, it intercepts the ISO 8583 transaction messages used for debit and credit card processing. When the issuing bank declines a transaction for insufficient funds, the malware rewrites the decline response into an approval before it is relayed back toward the ATM, and the cash is dispensed. Detecting a missing or manipulated response therefore requires monitoring every transaction link on both the front-end (ATM and acquirer) side and the back-end (issuer) side of the payment switch, so that the answer the issuer actually gave can be compared with the answer the ATM actually received.

How INETCO BullzAI stops such attacks without compromising legitimate transactions

INETCO BullzAI adds a layer of security that stops fraud attempts in real time by providing visibility into every end-to-end transaction. Its sensor network builds a complete, continuously updated map of the payment environment and "senses" activity across the whole payment ecosystem. Combined with its self-improving AI framework, INETCO BullzAI detects and blocks transactions that have been injected or altered, and flags responses that have gone missing. Key features include:

  • Transaction field-level decoding and correlation: INETCO BullzAI has access to complete, audit-quality payment network data that other fraud detection systems never see. It decodes the individual fields within each transaction and correlates requests and responses across hops, so it can identify suspicious changes in real time, such as a response message that should have declined a transaction being missing, or being altered to approve it. This field-level granularity is critical to spotting the subtle manipulation that the FASTCash attack relies on.
  • Behavioral analysis models: INETCO BullzAI does not just analyze raw data; it understands the expected behavior of every transaction based on self-training models that build individual card, terminal and user behavior profiles. For instance, if declines suddenly turn into approvals for a specific set of card numbers or ATM terminals, it detects the anomaly and blocks the fraudulent transactions immediately.
  • Transaction rate limiting or blocking with field-level precision: INETCO BullzAI's AI-driven transaction firewall continuously learns from new patterns of activity and adapts its defenses in real time to keep pace with increasingly sophisticated fraud tactics. It inspects individual fields within transaction data and uses behavioral analysis to evaluate, block or rate-limit transactions not only by IP address or port but by the specific identifiers involved, such as Terminal IDs, machine fingerprints or PANs (Primary Account Numbers). This makes it effective against man-in-the-middle attacks and other schemes that depend on manipulating or injecting transaction data, while improving detection accuracy and reducing the impact on legitimate transactions.
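As an added illustration, and not INETCO's code or a description of how BullzAI is implemented, the Python sketch below shows the cross-hop correlation that both the scheme described above and the features listed here depend on: ISO 8583 messages captured on the front-end (ATM/acquirer) and back-end (issuer) links of a switch are matched by PAN, STAN, RRN and terminal ID, and the issuer's response is then compared field by field with the response that was relayed to the ATM. The capture, card numbers and terminal IDs are constructed test data; the "front"/"back" tap names, the message layout as a dictionary of data elements, and the blocking policy are assumptions made for the example.

```python
"""Detect FASTCash-style response tampering by correlating ISO 8583 messages
captured on both sides of a payment switch.  Added example; the capture below
is constructed test data, not traffic from any real switch."""
from collections import defaultdict

# Standard ISO 8583 data element numbers used below.
DE_PAN, DE_AMOUNT, DE_STAN, DE_RRN, DE_RESPONSE, DE_TERMINAL = 2, 4, 11, 37, 39, 41
APPROVED = "00"      # DE39 response code: approved
DECLINED_NSF = "51"  # DE39 response code: insufficient funds


def msg(link, mti, stan, rc=None, pan="4111110000000001", term="ATM00001",
        amount="000000050000"):
    """Build one captured message.  `link` is the assumed tap point ("front" =
    ATM/acquirer side of the switch, "back" = issuer side); MTI 0200 is a
    financial request and 0210 its response.  PAN/terminal are test values."""
    fields = {DE_PAN: pan, DE_AMOUNT: amount, DE_STAN: stan,
              DE_RRN: "000000" + stan, DE_TERMINAL: term}
    if rc is not None:
        fields[DE_RESPONSE] = rc
    return (link, mti, fields)


# Constructed capture: one clean flow, then the three FASTCash symptoms.
CAPTURE = [
    # 000101: legitimate approval, identical on both links
    msg("front", "0200", "000101"), msg("back", "0200", "000101"),
    msg("back", "0210", "000101", rc=APPROVED), msg("front", "0210", "000101", rc=APPROVED),
    # 000102: issuer declined for insufficient funds, switch relayed an approval
    msg("front", "0200", "000102"), msg("back", "0200", "000102"),
    msg("back", "0210", "000102", rc=DECLINED_NSF), msg("front", "0210", "000102", rc=APPROVED),
    # 000103: approval returned to the ATM although the issuer was never asked
    msg("front", "0200", "000103", term="ATM00002"),
    msg("front", "0210", "000103", rc=APPROVED, term="ATM00002"),
    # 000104: request forwarded to the issuer, no response seen on either link
    msg("front", "0200", "000104"), msg("back", "0200", "000104"),
]


def correlate(capture):
    """Group messages into flows keyed by the fields a withdrawal shares end to
    end (PAN, STAN, RRN, terminal ID); within a flow, index by (link, MTI)."""
    flows = defaultdict(dict)
    for link, mti, f in capture:
        key = (f[DE_PAN], f[DE_STAN], f[DE_RRN], f[DE_TERMINAL])
        flows[key][(link, mti)] = f
    return flows


def detect_tampering(capture):
    """Return one (stan, terminal, verdict, changed_fields) tuple per suspicious
    flow.  Offline, 'absent from the capture' stands in for the response
    timeout a live monitor would apply."""
    alerts = []
    for (_pan, stan, _rrn, term), seen in correlate(capture).items():
        front_rsp = seen.get(("front", "0210"))
        back_rsp = seen.get(("back", "0210"))
        if front_rsp is None:
            # No answer reached the ATM side: dropped or stalled somewhere.
            alerts.append((stan, term, "missing_response", {}))
        elif back_rsp is None:
            # The ATM got an answer the issuer never gave: fabricated on the switch.
            alerts.append((stan, term, "injected_response", {}))
        else:
            # Compare every field present in both copies.  DE39 flipping 51 -> 00
            # is the FASTCash signature; an altered amount (DE4) is caught the same way.
            changed = {de: (back_rsp[de], front_rsp[de])
                       for de in back_rsp if de in front_rsp and back_rsp[de] != front_rsp[de]}
            if changed:
                alerts.append((stan, term, "altered_response", changed))
    return alerts


def terminals_to_block(alerts):
    """Terminal IDs whose cash-out should be stopped: any terminal that received an
    approval the issuer did not give.  Missing responses alone are left to the
    normal timeout/reversal path, since they also occur on ordinary network faults."""
    return {term for _, term, verdict, _ in alerts
            if verdict in ("injected_response", "altered_response")}


if __name__ == "__main__":
    found = detect_tampering(CAPTURE)
    for alert in found:
        print(alert)
    print("block terminals:", sorted(terminals_to_block(found)))
```

The correlation key deliberately uses fields the ATM, the switch and the issuer all carry unchanged, so a tampered copy of the response still lands in the same flow as the issuer's original and the difference shows up as a changed field rather than as an unmatched message. Blocking is keyed on the terminal ID taken from the message, not on the IP address of the link, which is the field-level precision the last bullet describes.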

Real-time defense for the modern threat landscape

In a world where malware and sophisticated man-in-the-middle attacks like FASTCash continue to evolve, fraud detection and prevention solutions must keep pace. INETCO BullzAI not only detects these attacks but also prevents them in real time, ensuring that fraudulent transactions are stopped before they can complete. Its AI-driven analysis, combined with deep visibility into transaction data, gives banks the tools they need to protect against even the most sophisticated threats.