Hackers can still steal wads of cash from ATMs. Here’s the vulnerabilities that could let them in.

Thanks to a pair of zero-day vulnerabilities in a popular ATM, hackers could be pilfering customers’ sensitive banking information or withdrawing hefty wads of cash, according to research from New York-based Red Balloon Security. If exploited properly, one of the vulnerabilities the researchers found in Nautilus Hyosung America ATMs would allow attackers to essentially empty the machines of cash, the researchers, Brenda So and Trey Keown, told CyberScoop. The root of the vulnerability lies in the way Nautilus implemented eXtensions for Financial Services, the software used to dispense money. The other vulnerability would allow attackers to execute malicious code in the ATM’s remote administration interface, which normally allows ATM owners to check the amount of cash available in their machines. In experimenting with the flaw, So and Keown wrote shell code and sent a malicious payload to the ATM. Hackers that are able to do the same could point […]

The post Hackers can still steal wads of cash from ATMs. Here’s the vulnerabilities that could let them in. appeared first on CyberScoop.

Why did Cyber Command back off its recent plans to call out North Korean hacking?

U.S. Cyber Command was on the verge of again publicly calling out North Korean hackers for targeting the financial sector in late September, but ultimately backed off the plan by early October, multiple sources familiar with the decision tell CyberScoop. The announcement was to be part of a Cyber Command effort to publicly share malware samples on VirusTotal, a web platform dedicated to tracking malware. Led by Cyber Command’s Cyber National Mission Force, those postings are intended to call out adversary-linked hacking in the hopes that it will deter groups from similar efforts in the future. It wasn’t clear why the decision was made to refrain from publicly posting malware samples this time around, despite the fact that Cyber Command has done so numerous times in recent months. It didn’t appear to be an issue of accuracy — the Pentagon outfit still decided to share private advisories with threat intelligence companies and the financial sector. A […]

The post Why did Cyber Command back off its recent plans to call out North Korean hacking? appeared first on CyberScoop.

Researchers Find Most ATMs Vulnerable to Hacker Attacks

A new study that analyzed ATMs from three major manufacturers found that two-thirds of them were vulnerable to physical black box attacks and an even larger number were vulnerable to network attacks. The research project spanned two years and was carr…

Symantec researchers dissect North Korean malware used in ATM attacks

As the North Korean government has felt the bite of international sanctions, its hackers have reportedly carried out damaging raids on financial institutions to raise cash. Few operations capture that naked ambition more clearly than a scheme that has reportedly stolen tens of millions of dollars from ATMs in Africa and Asia. On Thursday, researchers from cybersecurity company Symantec detailed how the malware used in the ATM scheme intercepts fraudulent withdrawal requests and sends messages approving those withdrawals. The Lazarus Group, a broad set of North Korean hackers, is responsible for the so-called FastCash operation, according to Symantec. “FASTCash illustrates that Lazarus possesses an in-depth knowledge of banking systems and transaction processing protocols and has the expertise to leverage that knowledge in order to steal large sums from vulnerable banks,” Symantec researchers wrote in a blog post. The scheme has triggered simultaneous withdrawals from ATMs in 23 countries this year […]

The post Symantec researchers dissect North Korean malware used in ATM attacks appeared first on Cyberscoop.

3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million Credit Cards

Three members of one of the world’s largest cybercrime organizations that stole over a billion euros from banks across the world over the last five years have been indicted and charged with 26 felony counts, the Justice Department announced on Wednesda…

Newly Uncovered ‘MoneyTaker’ Hacker Group Stole Millions from U.S. & Russian Banks

Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia.

Moscow-based security firm G…

Latin American ATM Thieves Turning to Hacking

Thieves in Latin American countries are turning to Eastern European hackers to build ATM malware from scratch, according to a Virus Bulletin talk by researchers at Kaspersky Lab.

The business models behind ATM malware empires

The criminal gangs behind the world’s most successful ATM malware attacks run their million-dollar empires like cutthroat business executives, according to newly published research from the European Union law enforcement agency Europol and the cybersecurity firm Trend Micro. In the last decade, organized crime groups originating mostly from two hotspots, Latin America and Eastern Europe, have waged an effective and evolving war against the cash-filled boxes that are the cornerstone of more than $10 billion in annual withdrawals, the researchers say. Some syndicates hold onto their malware for exclusive use, while others resell to smaller gangs willing to do the physical legwork. A single weekend’s spree can result in thousands or millions of dollars in stolen cash. Hackers execute physical and network-based attacks against ATMs to steal money from both banks and customers in campaigns that can take years to sniff out. Analyzing a decade’s worth of ATM hacking, the researchers focused on business models that […]

The post The business models behind ATM malware empires appeared first on Cyberscoop.

New warning: Super-stealthy fileless malware on the rise

Super-stealthy, fileless malware is increasingly being used to defeat cybersecurity systems and allow hackers to gain control of heavily guarded computer networks — and most organizations aren’t equipped to detect it, let alone defeat it, according to a new government warning. “We assess most organizations are not currently equipped to defend against these tactics,” states the New Jersey Cybersecurity and Communications Integration Cell in a recent public bulletin. The warning cautions that fileless or “non-malware” attacks could be used by cyberspies or those bent on theft or data destruction — as distinct from those cases where it has previously been employed in financial cybercrime. The New Jersey cell states it has “high confidence that fileless and ‘non-malware’ intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks … to enable future acts of sabotage.” The […]

The post New warning: Super-stealthy fileless malware on the rise appeared first on Cyberscoop.
