Today in Security - Breaching a Bank

Today in Security: Breaching a Banking Network

Redbanc, which runs the ATM inter-bank network in Chile, confirmed in January that its network had been breached in late December.

The attack was notable for several reasons, according to a recent analysis by nakedsecurity.com. One was that it targeted a firm that manages the ATM network for an entire country. Another was that the malware used against Redbanc was suspected to be PowerRatankba, a platform connected to North Korea's notorious Lazarus group.

But perhaps even more noteworthy was the inventive way in which the attack happened, at least according to what was pieced together by local published reports. According to a Chilean news site, the attack started with a fake public advertisement on LinkedIn regarding a software developer position. A Redbanc employee replied to the ad.

The attackers then set up a Skype call to conduct a bogus interview with the applicant. The applicant was tricked into downloading a file sent via a weblink. The file subsequently infected the employee's computer with malware. The malware then allowed the attackers to explore the banking network for security gaps.

To some, the fact that the attack started with a LinkedIn ad made the scheme more convincing than it would have been had it started with a common phishing email.

As it happens, this month's issue of Security Management features an article, "The Cost of a Connection," that explores the different ways that malicious actors are using LinkedIn for fraudulent purposes.