Attackers took advantage of a bank employee to penetrate their computer infrastructure
Redbanc, a company responsible for
administering the interbank ATM network in Chile, suffered a serious cybersecurity
incident, reported network security and ethical hacking experts from the
International Institute of Cyber Security.
After some local media began to follow up on
the incident, Redbanc published a statement admitting the security breach,
noting that during the attacks, their networks were not interrupted and managed
to work regularly. “The event had no impact on our operations. In accordance
with our security protocols, we will keep the authorities and other
stakeholders in the industry informed of any new details”.
Although on a daily basis hundreds (even
thousands) of cyberattacks are presented, this one called especially the
attention of experts in network
security; according to the first investigations, in this attack was
used a malware called POWERRATANKBA, linked to the group of hackers sponsored
by the government of North Korea known as Lazarus.
According to local media reports, the attack began
with a LinkedIn announcement that offered
a job as software developer, an announcement to which a Redbanc employee responded.
The attackers agreed a fake job interview via Skype
with the bank employee, where he was asked to download a file called ApplicationPDF.exe,
which infected the computer of the scam victim.
Network security experts believe that malware
was successfully executed, allowing attackers to explore the enterprise network
for vulnerabilities; the company later realized the intrusion, which helped
blocking later attempts.
Cybersecurity specialists consider this to be a
very sophisticated form of social engineering because, having opted for the use
of email, attackers would have been less likely to commit this intrusion, so
resorting to the use of platforms like Skype or LinkedIn is an unexpected move:
“In the end, what matters is reaching the target, not so much the medium used”,
commented the experts.
Surely there are several lessons to be learned
from this incident. It is essential for organizations to assess their structure
to determine where these vulnerable points are, which favor the deployment of
social engineering campaigns before the attackers exploit their weaknesses.
It is also up to employees to make sure that
legitimate interactions are being established before opening any email or
clicking on an attached link; it may seem simple, but the single awareness of
the human factor on these issues can help prevent incidents like this and
further data breaches.
