Copied from Kaspersky
ATM Hack
An ATM is a jackpot for criminals: it is a metal box that contains lots of cash.
An ATM is just a computer, often a Windows computer, with input devices such as a touch screen and buttons. It also has cassettes that hold the cash.
Then and now, the crude tactic is simply to steal the cassettes. 😀
Check out this video of a security researcher hacking an ATM.
A true story of 2013: Bank & ATM Hack
Just imagine how you would feel if an ATM started dispensing cash without anyone touching it. It feels like magic. What we do not understand we tend to call magic or a supernatural phenomenon, but not understanding something does not mean there is no science or technical process behind it; it only means we do not know about it yet.
This story is about ATM and bank hacking. In late 2013 an ATM started dispensing cash at random times, most often at night. No one had touched it or inserted a card, and the cameras captured the scene: a man arrived with a duffel bag, and when he walked up to the ATM it started dispensing cash. Lots of cash.
Kaspersky researchers were called in by the bank's IT team to look into it; at the start everyone was clueless, because it looked like a superpower. How could it happen without any touch? The researchers first suspected a modified version of already known ATM malware, Tyupkin, but after analysing the ATM hard disks they could not find anything suspicious.
The researchers then got another call from the IT team of a large bank, who had something bigger to show them. The IT team had found that the bank's domain controller was sending data to China, which meant that attackers controlled the domain controller, and with it had access to the whole bank. The researchers used Process Explorer to find the malicious process through which the attacker was remotely connected to the domain controller, and tried several techniques, including taking a memory dump and running strings over it, to learn more about that process. In the strings output they found VNC. VNC is a remote control tool. Just imagine the situation: you are hunting for malware on a system, and the hackers are watching everything you do. At that point the researchers knew that the attackers were watching them. They opened a Word document and typed "hello" in Russian, to find out whether the attackers spoke Russian, because the victim was a Russian bank. They received a reply from the attacker, in Russian. The researchers wiped the malware from all systems and the attacker disconnected.
Now the researchers started connecting the dots backwards, and they had a clue as to how the ATM hack had been performed. They decided to give the malware a name: Carbanak.
After all the analysis, it turned out that a bank employee had received a phishing email with an attached Word document containing an exploit for an already patched vulnerability. The employee was running an older version of Microsoft Word and opened the malicious document. Because of that vulnerable, outdated version, the attackers had their first point of entry into the organisation's network. Humans seem to be the weakest link in the network. The attackers escalated their privileges and went looking for the juicy systems in the network that would let them control money. They arrived at the computer that handled bank transfers and worked out which employees were the ones making manual money transfers. They monitored that system for several days and learned how day-to-day work was done in the bank. It was a clever move. Before the malware was finally identified and removed, the gang had reportedly stolen as much as a billion dollars, across many banks rather than this one alone.
There were many weaknesses in that bank's network, but everything started with an employee downloading and opening a malicious document in an old, vulnerable version of Microsoft Office. This story shows why the severity of a finding like "Older & Vulnerable Version in Use" must be rated High.
Reference:
https://www.cyberscoop.com/carbanak-cybercrime-gang-leader-who-caused-atms-to-spit-cash-is-arrested/