There’s a new hack in town, and the U.S. Secret Service calls it “Unlimited Operation.” Targeting ATMs belonging to small- and medium-sized banks, the hackers use stolen credentials to log in to the ATM systems’ remote admin panels and change the cash withdrawal limits to “Unlimited.” They then use stolen debit cards to withdraw as much cash as possible—sometimes more than victims actually have in their accounts.
Remove technology from the scenario, and it’s an “Ocean’s Eleven”-style caper. Keys are stolen, smoke bombs are thrown, safes are cracked, and the bad guys abscond with big bags of cash. Here’s how it looks in cyber-terms:

- A successful spear-phishing attack puts malware on an employee workstation—pwned!
- Hacker monitors the workstation/endpoint to see how the admin normally logs in to the remote admin panel for the bank's ATM system
- Hacker uses a DDoS attack to distract bank security while he logs in to the ATM admin panel
- Hacker removes the withdrawal limits for certain ATMs and/or bank accounts
- The ATM itself remains uncompromised: the limits are changed through a legitimate admin console, using legitimate (stolen) credentials.
Because the attack runs through a valid login, the place to catch it is the employee workstation, not the ATM. What a bank can do:

- Audit bank employees' workstations and create baselines of "normal" behavior and processes for each
- Run regular scans to see if any are running non-whitelisted processes or have suspicious remote connections, perhaps based on the geography of the remote IP or domain
- Perform regular hunts for anomalies.
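One way to implement the baseline-and-scan steps above, as an added example that is not part of the original post. The host names, process names, IP addresses and country codes are all constructed; a real deployment would feed in endpoint telemetry and a GeoIP lookup.

```python
"""Flag workstation telemetry that deviates from a per-host process baseline
or reaches out to an unexpected geography (constructed sample data)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed baseline: processes normally observed on each workstation.
BASELINE: Dict[str, set] = {
    "ws-teller-01": {"explorer.exe", "outlook.exe", "teller.exe"},
    "ws-admin-02": {"explorer.exe", "outlook.exe", "atmadmin.exe", "chrome.exe"},
}
# Constructed: countries from which remote connections are expected.
EXPECTED_COUNTRIES = {"US"}


@dataclass(frozen=True)
class Event:
    host: str
    process: str
    remote_ip: Optional[str]   # None when the process made no remote connection
    country: Optional[str]     # GeoIP result for remote_ip, None if no connection


def flag_event(event: Event) -> List[str]:
    """Return the reasons this event deviates from baseline (empty if none)."""
    reasons = []
    allowed = BASELINE.get(event.host)
    if allowed is None:
        reasons.append("unknown host (no baseline)")
    elif event.process not in allowed:
        reasons.append(f"non-whitelisted process {event.process}")
    if event.country is not None and event.country not in EXPECTED_COUNTRIES:
        reasons.append(f"remote connection to unexpected country "
                       f"{event.country} ({event.remote_ip})")
    return reasons


def hunt(events: List[Event]) -> Dict[str, List[str]]:
    """Group every deviation by host so an analyst can triage per workstation."""
    findings: Dict[str, List[str]] = {}
    for ev in events:
        reasons = flag_event(ev)
        if reasons:
            findings.setdefault(ev.host, []).extend(reasons)
    return findings


# Constructed sample telemetry; the last record shows both kinds of deviation.
SAMPLE_EVENTS = [
    Event("ws-teller-01", "outlook.exe", None, None),
    Event("ws-admin-02", "atmadmin.exe", "203.0.113.10", "US"),
    Event("ws-admin-02", "updater_svc.exe", "198.51.100.7", "ZZ"),  # ZZ: constructed code
]

if __name__ == "__main__":
    for host, reasons in hunt(SAMPLE_EVENTS).items():
        print(host, reasons)
```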