SafeBreach Labs has updated the Hacker's Playbook™ with new simulations for attacks described in US-CERT Alert (TA18-275A), centered around an Automated Teller Machine (ATM) cash-out attack scheme attributed to the North Korean government (dubbed HIDDEN COBRA). The U.S. Government refers to this attack as “FASTCash.”
FASTCash is an attack that allows unauthorized withdrawal of cash from ATMs at compromised banks. It is a multi-stage attack: the initial compromise is thought to be via phishing attacks on bank employees, after which the attackers move to a combination of targeted malware and legitimate administrative tools.
These attacks have successfully targeted banks in Africa and Asia, and have so far extracted tens of millions of dollars. SafeBreach recommends that financial institutions and related businesses in all regions simulate this attack to identify whether or not they are protected against this campaign. As always, SafeBreach Labs will continue to monitor the situation and develop new simulations as necessary.
To assess security control effectiveness against techniques involved in this attack, the SafeBreach Breach and Attack Simulation Platform specifically tests the following endpoint and network security controls:
Playbook #1675 & #1678 - Email FASTCash malware
Playbook #1668 - Transfer of FASTCash malware over HTTP/S
Playbook #1666 - Write to disk of FASTCash malware
Additional breach methods added recently include: