Experts at Kaspersky Lab uncovered a new wave of cyber-robbery, called KoffeyMaker. Throughout 2018, attackers devastated ATMs in Eastern European countries, with only laptops and a couple of legal programs in their arsenal.
One of them was a modified version of the utility for testing the work of the dispenser that issued the money - KDIAG. Previously, cybercriminals from the Carbanak group used the same version of this program.
The principle of KoffeyMaker robbery is similar to Cutlet Maker, but this time the attackers did not need any malware, all the necessary tools and instructions could be downloaded from specialized sites. To carry out the attack, it was necessary to open the ATM and directly connect your laptop to the dispenser via USB. After that, the attacker left his device in the ATM, closed it and left. Next, the laptop was controlled remotely.
The pre-installed necessary drivers helped to “cheat” the ATM, thanks to them the dispenser perceived a third-party laptop as an ATM computer. Next, the attacker launched a modified version of KDIAG, which allowed at the right time to issue all the money contained in the dispenser. After that, it was enough to go up at a certain point and collect the money. After some time, the attackers returned to pick up the device.
“In these robberies, malware was not used, and the criminals connected to the dispensers at the end of the operation took the criminals with them, so it’s extremely difficult to determine who is behind the incidents and whether it’s about the new group or individual cases,” says Sergey Golovanov, a leading antivirus expert Kaspersky Labs. “These incidents once again confirm that attackers may not have deep knowledge of IT, moreover, to achieve their goals, they increasingly choose legal tools that allow them to go unnoticed.”
To counteract such robberies, it is necessary to reliably protect part of the connection between the dispenser and the ATM computer - no outsider should get access to them. If technical capabilities allow, you should configure encryption between the dispenser and the computer - this measure will help to avoid substitution of the ATM control center.
Նյութի աղբյուրը՝ FreeNews.am
