Pulse of Truth

1423 readers

115 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth

Hidden Backdoor Found in ATM Network via Raspberry Pi (www.infosecurity-magazine.com)

submitted 3 days ago by lemmydev2 to c/pulse_of_truth

6 comments fedilink hide all child comments

A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques

you are viewing a single comment's thread
view the rest of the comments

[–] Onomatopoeia@lemmy.cafe 30 points 3 days ago* (last edited 3 days ago) (4 children)

attackers had physical access to a network switch

physically connected a Raspberry Pi device to a network switch shared with an ATM. Equipped with a 4G modem, the device allowed attackers to remotely access the bank’s internal network over mobile data, completely bypassing perimeter firewalls.

Well, no shit. If you don't have physical security, you don't have any security. This is like security 101.

[–] wizardbeard@lemmy.dbzer0.com 13 points 3 days ago (1 children)

There are mitigations possible against allowing unrecognized MAC addresses from getting network connection when plugged into an open port.

Security is meant to have layers. Defense in depth.

[–] ryannathans@aussie.zone 7 points 3 days ago (1 children)

Can't be forgetting 802.1x

[–] ramble81@lemmy.zip 3 points 3 days ago

I’ve seen ATMs using Windows 7 embedded. 802.1x support on 7 (let alone embedded) was extremely janky at best. Also it didn’t support some of the features that modern switches support too. That’s not an excuse for them but most likely their “defense in depth” was very limited and they just didn’t do quite a bit of it.

load more comments (2 replies)