FBI warns financial sector about infected ATMs

ATMs around the world have been spewing millions of dollars following ‘jackpotting’ malware attacks by a cyber criminal group linked to the well-known cyber crime syndicate Buhtrap, according to Russian cybersecurity firm Group IB.

Machines in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Malaysia, Moldova, Poland, Romania, Russia, Spain, Taiwan, Thailand, and the United Kingdom have all been infected with malware that forced them to eject banknotes to waiting gang members.

The FBI fears that the United States will be the gang’s next target, saying in a bulletin earlier this month that it is “monitoring emerging reports indicating that well-resourced and organized malicious cyber actors have intentions to target the U.S. financial sector.”

The criminals infect banks’ systems by sending phishing emails to bank employees “with attachments containing exploits and password-protected archives with executable files”, according to Group IB’s report Cobalt: Logical attacks on ATMs. When an unsuspecting employee opens one of these attachments, malware is launched.

Once they have access to a bank’s network, the criminals use a number of methods to gain domain administrator privileges – a process that can take between ten minutes and a week. They can then use legitimate channels to remotely access network segments to “gain access to ATMs, and workstations of bank employees who control ATMs.”

Reuters reports that ATM manufacturers Diebold Nixdorf and NCR Corp “were aware of the attacks and were working with customers to mitigate the threat.”

Combating phishing attacks

Banks aren’t the only institutions susceptible to phishing attacks. Whatever your line of business, phishing is a threat you need to take seriously: If one of your employees mistakenly opens an infected attachment or clicks a malicious link, your entire corporate network could be put at risk.

Phishing attacks are now at an all-time high, smashing previous records: According to the APWG, the “total number of unique phishing sites observed in the second quarter of 2016 […] was 61% higher than the previous quarterly record in Q4, 2015”.

This is why it is so important to ensure that your staff understand the threat that phishing poses and can recognize phishing emails.

IT Governance’s Phishing Staff Awareness Course educates staff on the risks of phishing emails, helping your team understand how phishing works, what tactics cyber criminals employ, and how to spot and avoid phishing campaigns.

Combine this with our Simulated Phishing Attack to assess your employees’ awareness of phishing attacks and gain recommendations on improving your security.

We also recommend regular penetration testing to determine the vulnerabilities present in your network and applications. If a careless employee does click a malicious link or open an infected attachment, you want to make sure that your systems are as secure as they can be.

Find more staff awareness e-learning courses here >>