Weekly Threat Report 25th November 2016

Created: 25 Nov 2016
Updated: 25 Nov 2016
This report is drawn from recent open source reporting.

ATMs in Europe targeted by cyber criminals

The cyber security firm Group-IB recently published a report on Cobalt, a suspected criminal group that has been using a novel method to steal money from banks across Europe, including the UK, via ATMs. According to Group-IB, Cobalt targets banking organisations with spear-phishing emails carrying malicious attachments that exploit software vulnerabilities. Once an attachment is opened, the attackers can move through a bank’s network and gain access to the servers that control the ATMs. The machines can then be remotely programmed to issue cash.

Criminals have traditionally installed additional hardware to record PINs and skim cards in order to steal money from ATMs, but these methods require physical access to the machines. With this new approach attackers can remotely programme ATMs to issue cash and arrange for ‘money mules’ to collect the money.

This method is attractive because an attack can be conducted quickly and, as it targets the contents of the ATM rather than individuals’ customer accounts, the rewards can potentially be much more lucrative. Similar attacks were observed earlier in 2016 on banking systems in Taiwan and Thailand.

LinkedIn falls foul of data localisation legislation

The American business networking site LinkedIn has been blocked in Russia for breaching data localisation legislation, which requires all companies to store Russian citizens’ personal data in Russia. The vast majority of companies, including Apple and, comply with the data localisation legislation. The US has called for this block to be lifted and has expressed concern that the case could set a precedent for further sites to be blacklisted.

It is reported that LinkedIn was deemed “violators of the rights of personal data” for processing the IP addresses of all visitors to their site, including those who were not LinkedIn customers, as well as for failing to store Russian citizens’ data locally. In a statement, the Kremlin outlined that it expects the LinkedIn dispute to be resolved and for full access to the site to be restored. A Kremlin aide further commented that Russia’s law on personal data may need to be amended as the definition of personal data was unclear.

The outcome of the dispute may set a precedent for other organisations currently deemed not to be compliant with Russian data localisation laws, including Facebook and Twitter.


This week sees updates from Symantec for their Endpoint Protection product, a number of different updates from VMware for vCenter, vSphere and vRealize Automation, updates for Cisco Email Security Appliance, ASA and ASR devices and their Unified Communications Manager. There were also several updates for Apache Tomcat along with updates for Splunk, Nessus and Wireshark. Full details are available on CiSP in the Vulnerability Blog.
