[ad_1]
In the past In just a few years, fraudsters have increasingly diverted money from digital payment networks, stealing hundreds of millions of dollars to date. Not only is the problem difficult to contain; the new discoveries show that it is evolving and maturing, with the emergence of new types of malware for ATMs.
Researchers at the Kaspersky Security Analyst Summit in Singapore are presenting their findings Wednesday on a new wave of payment system scams. Beyond so-called "jackpotting" attacks, which push individual ATMs to spit money, hackers manipulate ATM networks and digital authentication controls in machines to cash transfers. fraudulent that they initiate in the whole world.
Hackers have hit various financial platforms, including the PESI national money transfer system in Mexico, in payment system frauds in recent years. But the majority of scams are for the international payment network SWIFT, which transfers billions of dollars a day. Numerous known thefts in digital banks, such as $ 81 million stolen in Bangladesh in 2016 and $ 10 million in Chile last year, have shown how vulnerable digital payment networks can be.
But attackers are now using the same types of transaction manipulation in unexpected places, such as ATM networks, to bypbad the new defenses while using the same types of strategies that have already garnered a steady stream of money.
"Hackers have invested heavily in the development of more implants, malware, SWIFT targeting types and intrusions."
Saher Naumaan, BAE Systems
SWIFT services are essentially mbadive messaging systems that automatically check and process transactions between natural or legal persons and their financial institutions. SWIFT has long claimed that hackers did not compromise its core infrastructure during these highly publicized attacks and that problems stemmed from weaknesses in local banking networks. However, the organization has invested heavily in developing the security mechanisms and controls required for third-party financial networks that interact with SWIFT.
These system architecture improvements, combined with tailored monitoring to signal and block more fraudulent fund transfers, have led to fraudsters innovating in this way. During an attack against the Indian Cosmos Bank last August, hackers stole $ 13.5 million by infecting the bank's ATM server with malware to retrieve customer information and SWIFT codes which have been attributed to them. Then, they used this data to launch thousands of transfers, both in India and in many other countries, where postal transfers have cashed in malicious transactions.
"We have seen a diversification in the targeting of ATMs and authorization mechanisms in ATMs," said Saher Naumaan, threat intelligence badyst at BAE Systems and one of SAS presenters. . "This shows that hackers have invested heavily in the development of more SWIFT implants, malware, targeting types, and intrusions, and have done a lot of research on applications and malware. protocols, deep knowledge of these internal systems, and they are capable of handling many parts of the banking system. "
These new ATM attacks differ from jackpotting in that hackers make transactions and allow withdrawals, or mimic account holders to drain their funds. Specifically, Naumaan notes that the attackers basically resume the "approved list", in which the network card numbers of a bank are allowed to withdraw money.
For years, one of the most prolific authors of digital banking robberies appeared to be the North Korea-backed hacker group, known as Lazarus. Numerous threat intelligence companies that track digital banking fraud and the malware used to perpetrate it have found links with the notorious gang. Naumaan says similar similar links also exist in the new generation of ATM network attacks.
BAE Systems badysts often found that the networks of victims studied were infected by both malicious software known as GraceWire and malicious tools known to Lazarus. The researchers also discovered possible links between GraceWire and a well-known financial-motivated hacking gang called TA505. Although Naumaan says it is too early to draw definitive conclusions about these overlaps, it is possible that Lazarus has contracted with TA505 or other groups to gain access to financial networks.
"There is a kind of central theory that the TA505 could be the one that would compromise the network and get the initial access, and then sell that access to Lazarus," Naumaan says. "That would be interesting because in most of these frauds, we did not know the intrusion vector – it was one of the biggest unknowns."
Naumaan notes that as the global banking industry tightens its defense systems, attackers will develop new techniques to execute their attacks. In an incident related to Lazarus in 2017, for example, the group targeted a Taiwanese bank to steal money, just as it had ransomware its network. The researchers speculate that attackers can increasingly rely on distraction and other methods to hide their intention to execute attacks. And crooks will continue to find new types of local and interbank connections that could be under-secure.
Hackers are evolving rapidly to chase away billions of dollars in digital money every day, but stricter network security standards and increased surveillance of fraud have at least made it more difficult to capture transaction systems by surprise.
More great cable stories
Source link
