TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Hackers exploit bug in Elementor Pro WordPress plugin

    June 2, 2023

    Walmart’s taking a rare $20 off of a set of four AirTags

    June 1, 2023

    Tether Ventures into Sustainable Energy Production and Bitcoin Mining in Renewable-Rich Uruguay

    May 31, 2023
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Walmart’s taking a rare $20 off of a set of four AirTags

      June 1, 2023

      The M1 Pro 16-inch MacBook Pro with 1TB of storage is $800 off today

      May 22, 2023

      Google, how do I ask your AI the right questions?

      May 14, 2023

      Where to preorder The Legend of Zelda: Tears of the Kingdom

      May 6, 2023

      ChatGPT returns to Italy after ban

      April 28, 2023
    • Business
    • Cyber Security

      Hackers exploit bug in Elementor Pro WordPress plugin

      June 2, 2023

      15 million public-facing services vulnerable to CISA KEV flaws

      May 23, 2023

      HP to patch critical bug in LaserJet printers within 90 days

      May 15, 2023

      Hackers can open Nexx garage doors remotely, and there’s no fix

      May 7, 2023

      Microsoft April 2023 Patch Tuesday fixes 1 zero-day, 97 flaws

      April 29, 2023
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»KoffeyMaker: notebook vs. ATM | Securelist
    Cyber Security

    KoffeyMaker: notebook vs. ATM | Securelist

    December 4, 2018Updated:December 23, 2018No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Despite CCTV and the risk of being caught by security staff, attacks on ATMs using a direct connection — so-called black box attacks — are still popular with cybercriminals. The main reason is the low “entry requirements” for would-be cyber-robbers: specialized sites offer both the necessary tools and how-to instructions.

    Kaspersky Lab’ experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack — a cybercriminal opened the ATM, connected a laptop to the cash dispenser, closed the ATM, and left the crime scene, leaving the device inside. Further investigation revealed the “crime instrument” to be a laptop with ATM dispenser drivers and a patched KDIAG tool; remote access was provided through a connection to a USB GPRS modem. The operating system was Windows, most likely XP, ME, or 7 for better driver compatibility.

    ATM dispenser connected to a computer without the necessary drivers

    The situation then unfolded according to the usual scenario: the cybercriminal returned at the appointed hour and pretended to use the ATM, while an accomplice remotely connected to the hidden laptop, ran the KDIAG tool, and instructed the dispenser to issue banknotes. The attacker took the money and later retrieved the laptop, too. The whole operation could well be done solo, but the scheme whereby a “mule” handles the cash and ATM side, while a second “jackpotter” provides technical support for a share of the loot, is more common. A single ATM can spit out tens of thousands of dollars, and only hardware encryption between an ATM PC and its dispenser can prevent an attack from occurring.

    Overall, the attack was reminiscent of Cutlet Maker, which we described last year, except for the software tools. We were able to reproduce all the steps of KoffeyMaker in our test lab. All the required software was found without too much difficulty. Legitimate tools were used to carry out the attack with the exception of the patched KDIAG utility, which Kaspersky Lab products detect as RiskTool.Win32.DIAGK.a. Note that the same version of this program was previously used by cybercriminals from the Carbanak group.

    Hash sums

    KDIAG, incl. patched files
    49c708aad19596cca380fd02ab036eb2
    9a587ac619f0184bad123164f2aa97ca
    2e90763ac4413eb815c45ee044e13a43
    b60e43d869b8d2a0071f8a2c0ce371aa
    3d1da9b83fe5ef07017cf2b97ddc76f1
    45d4f8b3ed5a41f830f2d3ace3c2b031
    f2c434120bec3fb47adce00027c2b35e
    8fc365663541241ad626183d6a48882a
    6677722da6a071499e2308a121b9051d
    a731270f952f654b9c31850e9543f4ad
    b925ce410a89c6d0379dc56c85d9daf0
    d7b647f5bcd459eb395e8c4a09353f0d
    0bcb612e6c705f8ba0a9527598bbf3f3
    ae962a624866391a4321c21656737dcb
    83ac7fdba166519b29bb2a2a3ab480f8

    Drivers
    84c29dfad3f667502414e50a9446ed3f
    46972ca1a08cfa1506d760e085c71c20
    ff3e0881aa352351e405978e066d9796
    4ea7a6ca093a9118df931ad7492cfed5
    a8da5b44f926c7f7d11f566967a73a32
    f046dc9e38024ab15a4de1bbfe830701
    9a1a781fed629d1d0444a3ae3b6e2882

    YARA rule

    1

    2

    3

    4

    5

    6

    7

    8

    9

    10

    11

    12

    13

    14

    15

    16

    17

    18

    19

    20

    rule software_zz_patched_KDIAG

    {

    meta:

    author = “Kaspersky Lab”

    filetype = “PE”

    date = “2018-04-28”

    version = “1.0”

    hash = “49c708aad19596cca380fd02ab036eb2”

     

    strings:

    $b0 = { 25 80 00 00 00 EB 13 FF 75 EC }

    $b1 = { EB 1F 8D 85 FC FE FF FF 50 68 7B 2F 00 00 }

    $s0 = “@$MOD$ 040908 0242/0000 CRS1.EXE W32 Copyright (c) Wincor Nixdorf”

    condition:

    (

      uint16(0) == 0x5A4D and

      all of ( $s* ) and

      all of ( $b* )

    )

    }



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Hackers exploit bug in Elementor Pro WordPress plugin

    June 2, 2023 Cyber Security

    15 million public-facing services vulnerable to CISA KEV flaws

    May 23, 2023 Cyber Security

    HP to patch critical bug in LaserJet printers within 90 days

    May 15, 2023 Cyber Security

    Hackers can open Nexx garage doors remotely, and there’s no fix

    May 7, 2023 Cyber Security

    Microsoft April 2023 Patch Tuesday fixes 1 zero-day, 97 flaws

    April 29, 2023 Cyber Security

    SAP releases security updates for two critical-severity flaws

    April 21, 2023 Cyber Security
    Editors Picks

    Walmart’s taking a rare $20 off of a set of four AirTags

    June 1, 2023

    Tether Ventures into Sustainable Energy Production and Bitcoin Mining in Renewable-Rich Uruguay

    May 31, 2023

    Democrats and Republicans confident they can pass deal to avert US default

    May 29, 2023

    People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection | CISA

    May 26, 2023
    Trending Now

    #StopRansomware: BianLian Ransomware Group | CISA

    By techbizweb

    Realtime deepfakes are a dangerous new threat. How to protect yourself

    By techbizweb

    New DownEx malware campaign targets Central Asia

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2023 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.