A criminal organization has stolen money from at least 35 ATMs and Post Office cash dispensers operated by Italian banks with a new black box attack technique.
The Carabinieri of Monza dismantled by the gang, the Italian law enforcement agency confirmed that the cybercrime organization stole about 800,000€ in just 7 months using #ATM Black Box attack.
The Italian Carabinieri identified 12 people, 6 have been already arrested, 3 are currently restricted in Poland, one has returned to Moldova before being stopped and 2 may no longer be on Italian territory.
According to local media, the gang had numerous logistical bases in the provinces of Milan, Monza, Bologna, Modena, Rome, Viterbo, Mantua, Vicenza and Parma.
In this attack, a black box device, such as a mobile device or a Raspberry, is physically connected to the ATM and is used by the attackers to send commands to the machine.
The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs.
Below the list of the compromised ATM:
Poorly protected ATMs are more exposed to this type of attack because crooks can easily tamper with their case in order to connect the mobile device.
In July, Diebold Nixdorf, a leading manufacturer of ATM machines, issued an alert to customers warning all banks of a new variant of ATM black box or jackpotting attacks. The alert was issued after the Agenta Bank in Belgium was forced to shut down 143 ATMs after a jackpotting attack.
All the compromised machines were Diebold Nixdorf ProCash 2050xe devices. This was the first time that Belgian authorities observe this criminal practice in the country.
According to the security alert issued by Diebold Nixdorf, and obtained by ZDNet, the new variation of black box attacks has been used in certain countries across Europe.
(SecurityAffairs – hacking, black box attack)