Attackers took advantage of a bank employee to penetrate their computer infrastructure
Redbanc, the company responsible for administering the interbank ATM network in Chile, suffered a serious cybersecurity incident, according to network security and ethical hacking experts from the International Institute of Cyber Security.
After some local media began to follow up on the incident, Redbanc published a statement admitting the security breach, noting that its networks were not interrupted during the attacks and continued to operate normally. “The event had no impact on our operations. In accordance with our security protocols, we will keep the authorities and other stakeholders in the industry informed of any new details”.
Although hundreds (even thousands) of cyberattacks occur every day, this one especially drew the attention of network security experts; according to the first investigations, the attack used malware called POWERRATANKBA, which is linked to Lazarus, the hacker group sponsored by the government of North Korea.
According to local media reports, the attack began with a LinkedIn announcement offering a job as a software developer, to which a Redbanc employee responded. The attackers arranged a fake job interview via Skype with the employee, during which he was asked to download a file called ApplicationPDF.exe, which infected the victim's computer.
Network security experts believe that the malware was successfully executed, allowing the attackers to explore the enterprise network for vulnerabilities; the company later detected the intrusion, which helped it block later attempts.
Cybersecurity specialists consider this to be a very sophisticated form of social engineering because the attackers would have been less likely to achieve this intrusion had they opted for email, so resorting to platforms like Skype or LinkedIn is an unexpected move: “In the end, what matters is reaching the target, not so much the medium used”, commented the experts.
Surely there are several lessons to be learned from this incident. It is essential for organizations to assess their structure and determine where the vulnerable points that favor social engineering campaigns are, before attackers exploit those weaknesses.
It is also up to employees to make sure that an interaction is legitimate before opening any email or clicking on an attached link; it may seem simple, but awareness of the human factor alone can help prevent incidents like this and further data breaches.