Our previous article covered how these types of attacks take place. The attacks were crafty: the machines were not physically damaged, which is why no triggers or alarms were generated. The ATM sent no alarms, and there was no physical intrusion.
From the clip, it appears that a hacker is attacking an ATM of Pubali Bank Limited, Bangladesh, using the same modus operandi. The CCTV clip clearly shows the hacker implanting a black box device (a variant of GL.iNet) inside the ATM, along with a Raspberry Pi (a small programmed computer), and within a few seconds the ATM starts dispensing currency.
Getting access to the ATM box's physical keys is not the interesting part here, as multiple keys are available in the grey market and can easily be procured or duplicated.
Sourcing ATM cards is, once again, the easiest job; we have covered extensively how easy it is to source and clone them.
What we explained through our lab simulation can be seen in practice in the above clip.
Our technical intelligence indicators suggest that this type of attack is going to scale up significantly in the coming days.
Suggestion for banks: Please go for mandatory RED Teaming, especially on all public-facing touchpoints, and have their defensibility checked thoroughly on technical parameters, not only for statutory sake. Hackers clearly seem to be outpacing banking defence mechanisms.
This article has been submitted by Armantec Systems Pvt Ltd (www.armantecsystems.com), a Noida-based Threat Intelligence & RED Teaming consulting firm, with a prime focus on custom ransomware attack solutions for Critical Information Infrastructures (CIIs).