Lazarus Group found a new way to rob ATMs

Lazarus Group, also known as Hidden Cobra, is famous for its 2014 attack on Sony Pictures. Besides the attack on Sony, the same group was attacking ATMs in Asia and Africa in 2016. They now specialize in cyber attacks against bank networks, known as “FASTCash” operations.

FASTCash cyberattacks remotely compromise payment switch application servers within banks to facilitate fraudulent transactions.
The final goal of a ‘FASTCash’ operation is to fraudulently empty ATMs of cash. To make this possible, Lazarus first attacks the targeted banks’ networks and compromises the switch application servers that manage ATM transactions. After breaching a server, they deploy the Trojan.Fastcash malware.

Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

The malware was first spotted in early October by the Department of Homeland Security (DHS), the Department of the Treasury and the FBI. The malware is used to intercept fraudulent cash withdrawal requests and to send fake approval responses. After analyzing Trojan.Fastcash, researchers discovered that the fake approval response is produced by injecting a malicious Advanced Interactive eXecutive (AIX) executable into a legitimate process on the switch application server of the network that handles ATM transactions. Once the AIX executable is in place, the Lazarus hackers can intercept the incoming messages and generate transaction requests.
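A defensive check that follows from the behaviour described above, as an added example (not code from the original article or from any vendor): it reconciles approval responses sent towards ATMs against the authorizations the bank's core host actually issued, and flags approvals that nothing backs. The record layout, field names and all sample rows are constructed assumptions, and the response capture is assumed to be taken outside the switch application process.

```python
import csv
import io
from collections import Counter

# Constructed sample data, not taken from any real incident.
# Assumption: responses sent towards ATMs, captured outside the switch process.
SWITCH_RESPONSES = """trace,account,amount,decision
100001,acct-A,200,APPROVED
100002,acct-B,500,APPROVED
100003,acct-B,500,APPROVED
100004,acct-C,100,DECLINED
100005,acct-B,500,APPROVED
100006,acct-D,900,APPROVED
"""
# Assumption: authorizations the core banking host really issued.
HOST_AUTHORIZATIONS = """trace,account,amount
100001,acct-A,200
100006,acct-D,100
"""

def load(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def unbacked_approvals(switch_rows, host_rows):
    """Approved responses with no host authorization for the same
    trace, account and amount (an amount mismatch counts as unbacked)."""
    authorized = {(r["trace"], r["account"], r["amount"]) for r in host_rows}
    return [r for r in switch_rows
            if r["decision"] == "APPROVED"
            and (r["trace"], r["account"], r["amount"]) not in authorized]

def accounts_to_review(unbacked, threshold=2):
    """Accounts with repeated unbacked approvals, for priority triage."""
    counts = Counter(r["account"] for r in unbacked)
    return sorted(acct for acct, n in counts.items() if n >= threshold)

def reconcile():
    """Run the reconciliation over the embedded constructed samples."""
    unbacked = unbacked_approvals(load(SWITCH_RESPONSES), load(HOST_AUTHORIZATIONS))
    return unbacked, accounts_to_review(unbacked)

if __name__ == "__main__":
    flagged, accounts = reconcile()
    for row in flagged:
        print("unbacked approval:", row["trace"], row["account"], row["amount"])
    print("accounts to review first:", accounts)
```

Any approval the host never issued deserves investigation, because the switch should only relay decisions that originate from the authorizing system.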

The US Government says that the North Korean group's hackers will continue to use FASTCash tactics to target retail payment systems vulnerable to remote exploitation.
To date, the Lazarus Group has managed to steal tens of millions of dollars from ATMs in over 30 different countries. The Lazarus Group must be highly successful, and motivated by its continued success and financial earnings, because the FASTCash cyberattacks are not considered part of the group’s main activities.

Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet, so always stay safe and secure.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; these tests include penetration testing and ethical hacking.