The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra.

Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, aerospace, financial and critical infrastructure sectors across the world.

The group had also reportedly been associated with the WannaCry ransomware menace that last year shut down hospitals and big businesses worldwide, the SWIFT Banking attack in 2016, as well as the Sony Pictures hack in 2014.

Now, the FBI, the Department of Homeland Security (DHS), and the Department of the Treasury have released details about a new cyber attack, dubbed "FASTCash," that Hidden Cobra has been using since at least 2016 to cash out ATMs by compromising the bank server.

FASTCash Hack Fools ATMs into Spitting Out Cash

The investigators analyzed 10 malware samples associated with FASTCash cyber attacks and found that attackers remotely compromise payment "switch application servers" within the targeted banks to facilitate fraudulent transactions.

A switch application server is an essential component of ATM and Point-of-Sale infrastructures that communicates with the core banking system to validate a user's bank account details for a requested transaction.

Whenever you use your payment card in an ATM or a PoS machine in a retailer shop, the software asks (in ISO 8583 message format) the bank's switch application server to validate the transaction: accept or decline, depending upon the available amount in your bank account.

However, Hidden Cobra attackers managed to compromise the switch application servers at different banks, where they had accounts (and their payment cards) with minimal activity or zero balances.

The malware installed on the compromised switch application servers then intercepts transaction requests associated with the attackers' payment cards and responds with a fake but legitimate-looking affirmative response without actually validating their available balance with the core banking systems, eventually fooling ATMs into spitting out a large amount of cash without even notifying the bank.

"According to a trusted partner's estimation, HIDDEN COBRA actors have stolen tens of millions of dollars," the report says.

"In one incident in 2017, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs located in over 30 different countries. In another incident in 2018, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs in 23 different countries."

Hidden Cobra threat actors are using the FASTCash scheme to target banks in Africa and Asia, though the U.S. authorities are still investigating the FASTCash incidents to confirm whether the attack targets banks in the United States.

How Attackers Managed to Compromise Banks' Switch Application Servers

Though the initial infection vector used to compromise bank networks is unknown, the U.S. authorities believe that the APT threat actors used spear-phishing emails, containing a malicious Windows executable, against employees in different banks.

Once opened, the executable infected bank employees' computers with Windows-based malware, allowing hackers to move laterally through a bank's network using legitimate credentials and deploy malware onto the payment switch application server.

Though most compromised switch application servers were found running unsupported IBM Advanced Interactive eXecutive (AIX) operating system versions, investigators found no evidence that attackers exploited any vulnerability in the AIX operating system.
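
Because the fraudulent approvals described in this article are sent without the core banking system ever being consulted, one way to surface them is to reconcile approved switch responses against the core system's own authorization records. The sketch below is an added example, not code from the alert or from any bank's tooling; the record layout, field names and sample data are constructed assumptions, and it assumes the switch responses were captured independently of the switch host.

```python
"""Reconcile switch approvals against core-banking authorizations (added example)."""
from collections import Counter

# Constructed sample data. Field names are assumptions for this sketch; the
# comments name the ISO 8583 data elements (DE) they stand for.
SWITCH_RESPONSES = [
    # mti 0210 = financial response; rc = DE39 response code ("00" = approved)
    {"mti": "0210", "pan": "tok-1111", "stan": "000101", "rrn": "R0001", "rc": "00", "amount": 200},
    {"mti": "0210", "pan": "tok-9999", "stan": "000102", "rrn": "R0002", "rc": "00", "amount": 500},
    {"mti": "0210", "pan": "tok-2222", "stan": "000103", "rrn": "R0003", "rc": "51", "amount": 300},
    {"mti": "0210", "pan": "tok-9999", "stan": "000104", "rrn": "R0004", "rc": "00", "amount": 500},
]
CORE_AUTHORIZATIONS = [
    # What the core banking system recorded as its own decision.
    {"pan": "tok-1111", "stan": "000101", "rrn": "R0001", "decision": "approve"},
    {"pan": "tok-2222", "stan": "000103", "rrn": "R0003", "decision": "decline"},
]

def txn_key(rec):
    """Match on card token (DE2), STAN (DE11) and retrieval reference (DE37)."""
    return (rec["pan"], rec["stan"], rec["rrn"])

def unbacked_approvals(switch_responses, core_authorizations):
    """Return approved switch responses that the core system never approved."""
    approved_by_core = {txn_key(a) for a in core_authorizations
                        if a["decision"] == "approve"}
    return [r for r in switch_responses
            if r["mti"] in ("0110", "0210")      # authorization/financial responses
            and r["rc"] == "00"                  # approved
            and txn_key(r) not in approved_by_core]

def summarize_by_card(findings):
    """Count and total the unbacked approvals per card token."""
    summary = {}
    counts = Counter(f["pan"] for f in findings)
    for f in findings:
        entry = summary.setdefault(f["pan"], {"count": counts[f["pan"]], "amount": 0})
        entry["amount"] += f["amount"]
    return summary

if __name__ == "__main__":
    findings = unbacked_approvals(SWITCH_RESPONSES, CORE_AUTHORIZATIONS)
    for pan, stats in summarize_by_card(findings).items():
        print(f"ALERT card={pan} unbacked_approvals={stats['count']} amount={stats['amount']}")
```

Repeated unbacked approvals concentrated on a few low-balance cards are the pattern this check is meant to flag.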